Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-accessible blacklist bypass requiring low-privilege auth; unchanged scope with limited C/I/A impact consistent with information-disclosure tag and CVSS 4.0 VC:L/VI:L/VA:L.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/exec_approval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public and could be used.
AnalysisAI
GoClaw 3.11.3 by nextlevelbuilder exposes an incomplete blacklist bypass in the ExecApprovalManager.CheckCommand function, allowing authenticated low-privilege remote attackers to circumvent command approval controls enforced in internal/tools/exec_approval.go. The bypass can yield limited confidentiality, integrity, and availability impacts consistent with the information-disclosure tag and the VC:L/VI:L/VA:L CVSS 4.0 impact metrics. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires low-privilege authenticated access to the GoClaw application (confirmed by PR:L in the CVSS 4.0 vector - unauthenticated exploitation is not supported by available data). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 2.1 is unusually low for a network-accessible, low-complexity, low-privilege flaw, reflecting the constrained impact metrics (VC:L/VI:L/VA:L, no subsequent-system impact). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated user with low-privilege access to a GoClaw 3.11.3 deployment crafts a command input that falls outside the enumerated blacklist patterns in ExecApprovalManager.CheckCommand, submitting it over the network without requiring any victim interaction. The malformed or obfuscated command bypasses the approval filter, allowing the attacker to issue commands that should have been rejected, potentially reading restricted data or making unauthorized modifications within the scope GoClaw manages. … |
| Remediation | No vendor-released patch has been identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
OS command injection in nextlevelbuilder GoClaw through version 3.11.3 allows remote attackers to execute arbitrary shel
Missing authentication in GoClaw's Webhook Verification Handler allows unauthenticated remote attackers to interact with
Improper authorization in the GoClaw and GoClaw Lite RPC gateway allows unauthenticated remote attackers to invoke privi
Path traversal in GoClaw 3.13.3-beta.3 allows authenticated remote attackers to read or write files outside the intended
Incorrect authorization in nextlevelbuilder GoClaw's WebSocket RPC Handler allows authenticated low-privilege remote att
Server-side request forgery in GoClaw 3.13.3-beta.3 enables authenticated remote attackers to manipulate the `output.vid
Improper authorization in GoClaw (nextlevelbuilder/goclaw) up to version 3.11.3 allows a remote low-privileged attacker
Improper privilege management in nextlevelbuilder GoClaw up to version 3.11.3 allows authenticated low-privileged users
Missing authorization in nextlevelbuilder GoClaw up to version 3.11.3 allows low-privileged remote attackers to trigger
Information disclosure in nextlevelbuilder GoClaw up to version 3.13.3-beta.3 allows remote low-privileged attackers to
Server-side request forgery in nextlevelbuilder GoClaw through version 3.11.3 allows remote attackers with high-privileg
Same weakness CWE-184 – Incomplete List of Disallowed Inputs
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43614
GHSA-3qh8-qhwr-v2j5