PatchSiren cyber security CVE debrief
CVE-2026-10218 nextlevelbuilder CVE debrief
A low-severity improper authorization vulnerability in nextlevelbuilder GoClaw affects the auth function in internal/http/evolution_handlers.go through version 3.11.3. The vulnerability allows remote attackers to bypass authorization controls. The issue has been publicly disclosed and tagged as a bug by the project maintainers. The CVSS 4.0 vector indicates network attack vector with low attack complexity, requiring low privileges and no user interaction, with low impacts to integrity and availability. No known exploitation in ransomware campaigns has been reported.
- Vendor: nextlevelbuilder
- Product: GoClaw
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-01
- Original CVE updated: 2026-06-01
- Advisory published: 2026-06-01
- Advisory updated: 2026-06-01
Who should care
Organizations running GoClaw versions up to 3.11.3 that rely on the auth function for access control should prioritize patching. Security teams should monitor for unauthorized access attempts against affected endpoints.
Technical summary
The auth function in internal/http/evolution_handlers.go in nextlevelbuilder GoClaw through 3.11.3 fails to properly enforce authorization checks, allowing remote attackers with low privileges to manipulate authorization state. The vulnerability is exploitable over the network without user interaction. The project has acknowledged the issue as a bug via GitHub issue #1120.
Defensive priority
Low
Recommended defensive actions
- Upgrade GoClaw to a version newer than 3.11.3 when available, or apply patches from the project maintainers.
- Review authorization logic in internal/http/evolution_handlers.go, specifically the auth function, to ensure proper privilege verification.
- Monitor the project's GitHub issue #1120 for maintainer updates and remediation guidance.
- Implement defense-in-depth authorization controls at additional layers if immediate patching is not feasible.
- Review access logs for anomalous requests to endpoints handled by evolution_handlers.go that may indicate authorization bypass attempts.
Evidence notes
The vulnerability is documented in NVD with VulDB as the CNA. The source references include the GoClaw GitHub repository, issue #1120, and multiple VulDB entries. The CVSS score of 2.1 reflects limited impact scope. Weaknesses are classified as CWE-266 (Incorrect Privilege Assignment) and CWE-285 (Improper Authorization).
Official resources
Public disclosure occurred on 2026-06-01. The vulnerability was reported via VulDB and an issue was filed on the project's GitHub repository. The project has acknowledged the issue as a bug.