Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
2.0
CVE-2026-10583: Nextlevelbuilder GoClaw TTS Config Data Exposure Risk
CVE-2026-10583
Summary
A vulnerability in Nextlevelbuilder GoClaw version 3.11.3 or earlier allows attackers to trick the server into making unauthorized requests. This could potentially expose sensitive data or disrupt the system. Nextlevelbuilder recommends updating to a fixed version of GoClaw to address this issue.
Original title
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Config...
Original description
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug.
nvd CVSS2.0
5.8
nvd CVSS3.1
4.7
nvd CVSS4.0
2.0
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 2 Jun 2026 · Updated: 2 Jun 2026 · First seen: 2 Jun 2026