Back to overview

CVE-2026-15626

MEDIUM
6.3
CVSS 3.1
Description
A vulnerability was determined in nextlevelbuilder GoClaw 3.13.3-beta.3. This affects the function writeFile of the file internal/providers/acp/tool_bridge.go of the component ACP ToolBridge Workspace Handler. This manipulation causes path traversal. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Metadata

CVE ID
CVE-2026-15626
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-13 17:23 UTC
Published
2026-07-14 02:15 UTC
Last updated
2026-07-14 02:15 UTC
Primary CWE
CWE-22
Path Traversal
Vendor / Product
nextlevelbuilder / GoClaw
Sources
cve.org  ·  NVD

Severity & Metrics

6.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C
Affected products (1)
VendorProductPlatformVersions
nextlevelbuilder GoClaw 3.13.3-beta.3
Weakness (CWE)
CWESourceDescription
CWE-22 cna Path Traversal
CVSS scores (4)
ScoreSeverityVersionSourceVector
6.5 N/D 2.0 cna AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C
6.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C
6.3 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
References (7)
Back to overview