CVE-2026-7505

HIGH

nextlevelbuilder GoClaw/GoClaw Lite RPC improper authorization

Title source: cna

Description

A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. It affects an unknown function of the RPC Handler component. Manipulation of this function leads to improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version 3.9.0 mitigates this issue. The patch is named 406022e79f4a18b3070a446712080571eff11e30. Upgrading the affected component is recommended.

Scores

CVSS v3 7.3
EPSS 0.0004
EPSS Percentile 13.3%
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-266 CWE-285
Status published
Products (14)
nextlevelbuilder/GoClaw 3.8.0
nextlevelbuilder/GoClaw 3.8.1
nextlevelbuilder/GoClaw 3.8.2
nextlevelbuilder/GoClaw 3.8.3
nextlevelbuilder/GoClaw 3.8.4
nextlevelbuilder/GoClaw 3.8.5
nextlevelbuilder/GoClaw 3.9.0
nextlevelbuilder/GoClaw Lite 3.8.0
nextlevelbuilder/GoClaw Lite 3.8.1
nextlevelbuilder/GoClaw Lite 3.8.2
... and 4 more
Published Apr 30, 2026
Tracked Since May 01, 2026