CVE-2026-10219

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. The...

high 7.3 CVSS 3.1

Published: Jun 1, 2026

Modified: Jun 1, 2026

Description

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.

References

https://github.com/nextlevelbuilder/goclaw/
https://github.com/nextlevelbuilder/goclaw/issues/1121
https://github.com/nextlevelbuilder/goclaw/pull/1155
https://vuldb.com/cve/CVE-2026-10219
https://vuldb.com/submit/821939
https://vuldb.com/vuln/367498
https://vuldb.com/vuln/367498/cti

Version	3.1
Score	7.3 / 10
Severity	high