A vulnerability labeled as critical has been found in nextlevelbuilder GoClaw up to 3.13.2. Affected by this vulnerability is the function extractBin/RequestApproval/matchesAllowlist of the file internal/tools/exec_approval.go. The manipulation results in incorrect authorization.

This vulnerability is known as CVE-2026-16122. Access to the local network is required for this attack. Furthermore, an exploit is available.