CVE-2026-10219

medium

Description

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.

References

https://vuldb.com/vuln/367498/cti

https://vuldb.com/vuln/367498

https://vuldb.com/submit/821939

https://vuldb.com/cve/CVE-2026-10219

https://github.com/nextlevelbuilder/goclaw/pull/1155

https://github.com/nextlevelbuilder/goclaw/issues/1121

https://github.com/nextlevelbuilder/goclaw/

Details

Source: Mitre, NVD

Published: 2026-06-01

Updated: 2026-06-01

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00837