CVE-2026-7505
HIGH
nextlevelbuilder GoClaw/GoClaw Lite RPC improper authorization
Title source: cna
Description
A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version 3.9.0 mitigates this issue. Patch name: 406022e79f4a18b3070a446712080571eff11e30. You should upgrade the affected component.
References (8)
Core References
vdb-entry: VDB-360314 | nextlevelbuilder GoClaw/GoClaw Lite RPC improper authorization
https://vuldb.com/vuln/360314
signature, permissions-required: VDB-360314 | CTI Indicators (IOB, IOC, TTP)
https://vuldb.com/vuln/360314/cti
third-party-advisory: Submit #803458 | Goclaw V0.4.0 Command execution
https://vuldb.com/submit/803458
exploit, issue-tracking:
https://github.com/nextlevelbuilder/goclaw/issues/866
issue-tracking, patch:
https://github.com/nextlevelbuilder/goclaw/pull/950
patch:
https://github.com/nextlevelbuilder/goclaw/commit/406022e79f4a18b3070a446712080571eff11e30
product:
https://github.com/nextlevelbuilder/goclaw/
Scores
CVSS v3: 7.3
EPSS: 0.0038
EPSS Percentile: 29.7%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-266, CWE-285
Status: published
Products (14)
nextlevelbuilder/GoClaw 3.8.0
nextlevelbuilder/GoClaw 3.8.1
nextlevelbuilder/GoClaw 3.8.2
nextlevelbuilder/GoClaw 3.8.3
nextlevelbuilder/GoClaw 3.8.4
nextlevelbuilder/GoClaw 3.8.5
nextlevelbuilder/GoClaw 3.9.0
nextlevelbuilder/GoClaw Lite 3.8.0
nextlevelbuilder/GoClaw Lite 3.8.1
nextlevelbuilder/GoClaw Lite 3.8.2
... and 4 more
Published: Apr 30, 2026
Tracked Since: May 01, 2026