Skip to main content

GoClaw CVE-2026-10217

| EUVD-2026-33538 LOW
Improper Privilege Management (CWE-269)
2026-06-01 VulDB GHSA-xvg5-76pr-547q
Privilege Escalation Goclaw
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 01, 2026 - 04:23 vuln.today
Severity Changed
Jun 01, 2026 - 04:22 NVD
MEDIUM LOW
CVSS changed
Jun 01, 2026 - 04:22 NVD
6.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/tts_config.go of the component RoleAdmin Gateway. This manipulation causes improper privilege management. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project tagged the reported issue as bug.

AnalysisAI

Improper privilege management in nextlevelbuilder GoClaw up to version 3.11.3 allows authenticated low-privileged users to escalate privileges via the handleSave function of the RoleAdmin Gateway component (internal/http/tts_config.go). The vulnerability is remotely exploitable over the network with no user interaction required, though a low-privilege authenticated session is a prerequisite per the CVSS:4.0 vector (PR:L). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege GoClaw account
Delivery
Authenticate to network-exposed GoClaw instance
Exploit
Send crafted request to RoleAdmin Gateway handleSave endpoint
Execution
Bypass privilege enforcement in tts_config.go
Persist
Perform admin-level configuration actions
Impact
Achieve unauthorized privilege elevation within application
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated session with at least low-privilege access to the GoClaw instance (PR:L per CVSS:4.0 vector) - unauthenticated exploitation is not supported by available data. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 2.1 (LOW) is consistent with the constrained impact profile: all three CIA sub-scores are Low (VC:L/VI:L/VA:L), there is no scope change (SC:N/SI:N/SA:N), and exploitation requires low privileges (PR:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a valid low-privilege GoClaw account sends a crafted HTTP request to the RoleAdmin Gateway's handleSave endpoint, exploiting the absent or bypassable privilege check in tts_config.go to perform administrative configuration actions. Because a proof-of-concept has been published on GitHub (issue #1118), the mechanics of triggering the flaw are publicly documented, lowering the skill threshold for exploitation. …
Remediation No vendor-released patched version has been independently confirmed at the time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10217 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy