A vulnerability described as critical has been identified in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function
MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization.
This vulnerability is traded as CVE-2026-14716. The attack may be launched remotely. Furthermore, there is an exploit available.
The project was informed of the problem early through an issue report.