nextlevelbuilder GoClaw/GoClaw Lite RPC improper authorization_CVE-2026-7505

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version 3.9.0 mitigates this issue. Patch name: 406022e79f4a18b3070a446712080571eff11e30. You should upgrade the affected component.

Basic Information

ID CVE-2026-7505

Source VulDB

Published Apr 30, 2026 at 22:00

Affected Product

Vendor nextlevelbuilder

Product GoClaw

Version 3.8.0

Affected Versions nextlevelbuilder GoClaw 3.8.0
nextlevelbuilder GoClaw 3.8.1
nextlevelbuilder GoClaw 3.8.2
nextlevelbuilder GoClaw 3.8.3
nextlevelbuilder GoClaw 3.8.4
nextlevelbuilder GoClaw 3.8.5
nextlevelbuilder GoClaw Lite 3.8.0
nextlevelbuilder GoClaw Lite 3.8.1
nextlevelbuilder GoClaw Lite 3.8.2
nextlevelbuilder GoClaw Lite 3.8.3
nextlevelbuilder GoClaw Lite 3.8.4
nextlevelbuilder GoClaw Lite 3.8.5

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version 3.9.0 mitigates this issue. Patch name: 406022e79f4a18b3070a446712080571eff11e30. You should upgrade the affected component.",
    "published": "2026-04-30T22:00:16.529Z",
    "modified": "2026-04-30T22:00:16.529Z",
    "type": "cve",
    "title": "nextlevelbuilder GoClaw/GoClaw Lite RPC improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360314\nhttps://vuldb.com/vuln/360314/cti\nhttps://vuldb.com/submit/803458\nhttps://github.com/nextlevelbuilder/goclaw/issues/866\nhttps://github.com/nextlevelbuilder/goclaw/pull/950\nhttps://github.com/nextlevelbuilder/goclaw/commit/406022e79f4a18b3070a446712080571eff11e30\nhttps://github.com/nextlevelbuilder/goclaw/releases/tag/v3.9.0\nhttps://github.com/nextlevelbuilder/goclaw/",
    "id": "CVE-2026-7505",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "nextlevelbuilder GoClaw 3.8.0\nnextlevelbuilder GoClaw 3.8.1\nnextlevelbuilder GoClaw 3.8.2\nnextlevelbuilder GoClaw 3.8.3\nnextlevelbuilder GoClaw 3.8.4\nnextlevelbuilder GoClaw 3.8.5\nnextlevelbuilder GoClaw Lite 3.8.0\nnextlevelbuilder GoClaw Lite 3.8.1\nnextlevelbuilder GoClaw Lite 3.8.2\nnextlevelbuilder GoClaw Lite 3.8.3\nnextlevelbuilder GoClaw Lite 3.8.4\nnextlevelbuilder GoClaw Lite 3.8.5",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GoClaw",
    "version": "3.8.0",
    "vendor": "nextlevelbuilder",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}