CVE-2026-10219
7.3 HIGH
A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3
Published: 2026-06-01 · Last updated: 2026-06-01
Severity and scoring
- CVSS: 7.3 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CWE: CWE-77, CWE-78
Description
A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Manipulation results in OS command injection. The attack can be carried out remotely. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-10219
- [Other] https://github.com/nextlevelbuilder/goclaw/
- [Other] https://github.com/nextlevelbuilder/goclaw/issues/1121
- [Other] https://github.com/nextlevelbuilder/goclaw/pull/1155
- [Other] https://vuldb.com/cve/CVE-2026-10219
- [Other] https://vuldb.com/submit/821939
- [Other] https://vuldb.com/vuln/367498
- [Other] https://vuldb.com/vuln/367498/cti
Related CVEs
Same CWE
- CVE-2026-12161 — Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user ...
- CVE-2026-48723 — The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack (7.8 HIGH)
- CVE-2025-56814 — A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding sh... (7.8 HIGH)
- CVE-2026-9863 — Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client in... (7.5 HIGH)
- CVE-2026-9862 — Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service (9.8 CRITICAL)