CVE-2026-10583 | nextlevelbuilder GoClaw up to 3.11.3 TTS Configuration Endpoint tts_config.go import server-side request forgery (Issue 1132)

Inserito da Angelo Barbosa | Giu 1, 2026 | CVE

A vulnerability classified as critical has been found in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery.

This vulnerability is traded as CVE-2026-10583. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The project tagged the reported issue as bug.

CVE-2026-10583 | nextlevelbuilder GoClaw up to 3.11.3 TTS Configuration Endpoint tts_config.go import server-side request forgery (Issue 1132)

Post correlati

CVE-2024-29384 | CSS Exfil Protection 1.1.0 content.js parseCSSRules information disclosure (Issue 41)

CVE-2023-52690 | Linux Kernel up to 6.7.1 scom_debug_init_one null pointer dereference

CVE-2024-53979 | zhmcclient zhmc-ansible-modules up to 1.9.2 Ansible Module cleartext storage (GHSA-mw6c-f428-jx4f)

CVE-2026-0828 | Safetica Endpoint Client Kernel Driver ProcessMonitorDriver.sys denial of service