CVE-2026-7505 MEDIUM

CVE-2026-7505: nextlevelbuilder GoClaw/GoClaw Lite RPC improper authorization

Vendor Nextlevelbuilder
Product GoClaw
Weakness CWE-285
Published April 30, 2026
Last update May 1, 2026
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version 3.9.0 mitigates this issue. Patch name: 406022e79f4a18b3070a446712080571eff11e30. You should upgrade the affected component.

Key dates

02Disclosure timeline

April 30, 2026 CVE published
May 1, 2026 Record updated