CVE-2026-10616
4.3 MEDIUM
A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3
Published: 2026-06-02 · Last updated: 2026-06-04
Severity and scoring
- CVSS: 4.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- CWE: CWE-862, CWE-863
Description
A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/team_tasks_lifecycle.go of the component Team Task Completion Handler. Executing a manipulation can lead to missing authorization. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The project tagged the reported issue as bug.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-10616
- [Other] https://github.com/nextlevelbuilder/goclaw/
- [Other] https://github.com/nextlevelbuilder/goclaw/issues/1133
- [Other] https://vuldb.com/cve/CVE-2026-10616
- [Other] https://vuldb.com/submit/829420
- [Other] https://vuldb.com/vuln/367925
- [Other] https://vuldb.com/vuln/367925/cti
Related CVEs
Same CWE
- CVE-2026-47238 — ClipBucket v5 is an open source video sharing platform (6.5 MEDIUM)
- CVE-2026-53818 — OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to ski... (6.6 MEDIUM)
- CVE-2026-53816 — OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to... (7.2 HIGH)
- CVE-2026-53815 — OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks (6.5 MEDIUM)
- CVE-2026-53809 — OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to... (3.8 LOW)