CVE Catalog

CVE-2026-14716

MediumCVSS 6.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

A security vulnerability was found in GoClaw up to version 3.13.0-beta.2. The issue affects the MethodRouter.Handle function in internal/gateway/router.go of the WebSocket RPC Handler component, leading to incorrect authorization. The attack can be launched remotely and the exploit has been publicly disclosed.

Risk Assessment

The organization is at risk of remote exploitation of the authorization flaw, which could allow unauthorized access to WebSocket RPC functions and potentially compromise system integrity.

Recommendation

Immediately update GoClaw to a version later than 3.13.0-beta.2 once a patch is released by the vendor, and monitor publicly available exploits.

Original NVD description (English source)

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS