PatchSiren cyber security CVE debrief
CVE-2026-15626 nextlevelbuilder CVE debrief
A vulnerability was determined in nextlevelbuilder GoClaw 3.13.3-beta.3. This affects the function writeFile of the file internal/providers/acp/tool_bridge.go of the component ACP ToolBridge Workspace Handler. This manipulation causes path traversal. The attack is possible to be carried out remotely.
- Vendor
- nextlevelbuilder
- Product
- GoClaw
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-14
Who should care
Users of nextlevelbuilder GoClaw 3.13.3-beta.3 should review and apply patches to prevent path traversal attacks.
Technical summary
The vulnerability is caused by a path traversal issue in the writeFile function of the internal/providers/acp/tool_bridge.go file in the ACP ToolBridge Workspace Handler component of nextlevelbuilder GoClaw 3.13.3-beta.3. The attack can be carried out remotely.
Defensive priority
Low priority due to CVSS score of 2.1
Recommended defensive actions
- Review and apply patches for nextlevelbuilder GoClaw 3.13.3-beta.3
- Monitor for remote attacks
- Implement compensating controls for path traversal
Evidence notes
Evidence is limited. Verify vulnerability details with nextlevelbuilder. Check inventory for affected versions.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T04:17:04.430Z and has not been modified since then.