nextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgery

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug.

Basic Information

ID CVE-2026-10583

Source VulDB

Published Jun 2, 2026 at 02:45

Affected Product

Vendor nextlevelbuilder

Product GoClaw

Version 3.11.0

Affected Versions nextlevelbuilder GoClaw 3.11.0
nextlevelbuilder GoClaw 3.11.1
nextlevelbuilder GoClaw 3.11.2
nextlevelbuilder GoClaw 3.11.3

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug.",
    "published": "2026-06-02T02:45:08.811Z",
    "modified": "2026-06-02T02:45:08.811Z",
    "type": "cve",
    "title": "nextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/367710\nhttps://vuldb.com/vuln/367710/cti\nhttps://vuldb.com/cve/CVE-2026-10583\nhttps://vuldb.com/submit/829407\nhttps://github.com/nextlevelbuilder/goclaw/issues/1132\nhttps://github.com/digitopvn/goclaw/issues/30\nhttps://github.com/nextlevelbuilder/goclaw/",
    "id": "CVE-2026-10583",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "nextlevelbuilder GoClaw 3.11.0\nnextlevelbuilder GoClaw 3.11.1\nnextlevelbuilder GoClaw 3.11.2\nnextlevelbuilder GoClaw 3.11.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GoClaw",
    "version": "3.11.0",
    "vendor": "nextlevelbuilder",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

nextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgery_CVE-2026-10583