nextlevelbuilder GoClaw write_file Tool fsbridge.go FsBridge.WriteFile os command injection

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.

Basic Information

ID CVE-2026-10219

Source VulDB

Published Jun 1, 2026 at 03:15

Affected Product

Vendor nextlevelbuilder

Product GoClaw

Version 3.11.0

Affected Versions nextlevelbuilder GoClaw 3.11.0
nextlevelbuilder GoClaw 3.11.1
nextlevelbuilder GoClaw 3.11.2
nextlevelbuilder GoClaw 3.11.3

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.",
    "published": "2026-06-01T03:15:09.484Z",
    "modified": "2026-06-01T03:15:09.484Z",
    "type": "cve",
    "title": "nextlevelbuilder GoClaw write_file Tool fsbridge.go FsBridge.WriteFile os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/367498\nhttps://vuldb.com/vuln/367498/cti\nhttps://vuldb.com/cve/CVE-2026-10219\nhttps://vuldb.com/submit/821939\nhttps://github.com/nextlevelbuilder/goclaw/issues/1121\nhttps://github.com/nextlevelbuilder/goclaw/pull/1155\nhttps://github.com/nextlevelbuilder/goclaw/",
    "id": "CVE-2026-10219",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "nextlevelbuilder GoClaw 3.11.0\nnextlevelbuilder GoClaw 3.11.1\nnextlevelbuilder GoClaw 3.11.2\nnextlevelbuilder GoClaw 3.11.3",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GoClaw",
    "version": "3.11.0",
    "vendor": "nextlevelbuilder",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

nextlevelbuilder GoClaw write_file Tool fsbridge.go FsBridge.WriteFile os command injection_CVE-2026-10219