CVE-2026-14716
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
A security vulnerability was found in GoClaw up to version 3.13.0-beta.2. The issue affects the MethodRouter.Handle function in internal/gateway/router.go of the WebSocket RPC Handler component, leading to incorrect authorization. The attack can be launched remotely and the exploit has been publicly disclosed.
Risk Assessment
The organization is at risk of remote exploitation of the authorization flaw, which could allow unauthorized access to WebSocket RPC functions and potentially compromise system integrity.
Recommendation
Immediately update GoClaw to a version later than 3.13.0-beta.2 once a patch is released by the vendor, and monitor publicly available exploits.
Original NVD description (English source)
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report.

