CVE-2026-10583 | nextlevelbuilder GoClaw up to 3.11.3 TTS Configuration Endpoint tts_config.go import server-side request forgery (Issue 1132)

Inserito da Angelo Barbosa | Giu 1, 2026 | CVE

A vulnerability classified as critical has been found in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery.

This vulnerability is traded as CVE-2026-10583. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The project tagged the reported issue as bug.

CVE-2026-10583 | nextlevelbuilder GoClaw up to 3.11.3 TTS Configuration Endpoint tts_config.go import server-side request forgery (Issue 1132)

Post correlati

CVE-2024-51142 | Chamilo LMS 1.11.26 storageapi.php svkey cross site scripting

CVE-2024-12860 | scriptsbundle CarSpot Plugin up to 2.4.3 on WordPress unverified password change

CVE-2024-35146 | IBM Maximo Application Suite 8.10.11/8.11.8/9.0.0 Monitor cross site scripting

CVE-2025-68228 | Linux Kernel up to 6.17.9 create_in_format_blob return value