PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-15626 nextlevelbuilder CVE debrief

A vulnerability was determined in nextlevelbuilder GoClaw 3.13.3-beta.3. This affects the function writeFile of the file internal/providers/acp/tool_bridge.go of the component ACP ToolBridge Workspace Handler. This manipulation causes path traversal. The attack is possible to be carried out remotely.

Vendor
nextlevelbuilder
Product
GoClaw
CVSS
LOW 2.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-14
Advisory published
2026-07-14
Advisory updated
2026-07-14

Who should care

Users of nextlevelbuilder GoClaw 3.13.3-beta.3 should review and apply patches to prevent path traversal attacks.

Technical summary

The vulnerability is caused by a path traversal issue in the writeFile function of the internal/providers/acp/tool_bridge.go file in the ACP ToolBridge Workspace Handler component of nextlevelbuilder GoClaw 3.13.3-beta.3. The attack can be carried out remotely.

Defensive priority

Low priority due to CVSS score of 2.1

Recommended defensive actions

  • Review and apply patches for nextlevelbuilder GoClaw 3.13.3-beta.3
  • Monitor for remote attacks
  • Implement compensating controls for path traversal

Evidence notes

Evidence is limited. Verify vulnerability details with nextlevelbuilder. Check inventory for affected versions.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T04:17:04.430Z and has not been modified since then.