CVE-2026-16122
Severity CVSS v4.0:
LOW
Type:
CWE-285
Improper Authorization
Publication date:
18/07/2026
Last modified:
18/07/2026
Description
A security flaw has been discovered in nextlevelbuilder GoClaw up to 3.13.2. Affected by this vulnerability is the function extractBin/RequestApproval/matchesAllowlist of the file internal/tools/exec_approval.go. The manipulation results in incorrect authorization. The exploit has been released to the public and may be used for attacks.
Impact
Base Score 4.0
1.90
Severity 4.0
LOW
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Base Score 2.0
4.70
Severity 2.0
MEDIUM
References to Advisories, Solutions, and Tools
- https://github.com/nextlevelbuilder/goclaw/
- https://github.com/nextlevelbuilder/goclaw/issues/1216
- https://github.com/nextlevelbuilder/goclaw/issues/1216#issuecomment-4760050291
- https://vuldb.com/cve/CVE-2026-16122
- https://vuldb.com/submit/856856
- https://vuldb.com/vuln/379831
- https://vuldb.com/vuln/379831/cti



