Nextlevelbuilder GoClaw Authorization Bypass Vulnerability in Exec Approval

Vulnerability

An authorization bypass vulnerability has been identified in Nextlevelbuilder GoClaw versions up to 3.13.2. The issue arises in the exec approval process, where the system incorrectly treats different executables as the same trusted binary if they share a basename. This flaw allows an authenticated operator-level user to execute commands on the host without proper authorization, bypassing the intended approval process.

Impact

Exploitation of this vulnerability allows for unauthorized execution of commands on the host system, potentially leading to arbitrary code execution.

Reproduction

The vulnerability can be reproduced by first approving a command without a path, such as 'canary-bin', with the 'always=true' option. Then, a path-scoped command like './canary-bin' can be invoked without a second approval, even though it points to a different executable. This can be automated with a script that handles the approval process via WebSocket.

Remediation

Users are advised to update to GoClaw versions after 3.13.2, where this vulnerability has been addressed.

Added: Jul 18, 2026, 3:26 PM
Updated: Jul 18, 2026, 3:26 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
10.0
exploitability
6.6
remediation
0.0
relevance
10.0
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.