CVE-2026-10219

Source
https://cve.org/CVERecord?id=CVE-2026-10219
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10219.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-10219
Aliases
Published
2026-06-01T03:15:09.484Z
Modified
2026-07-15T01:49:03.171924527Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
nextlevelbuilder GoClaw write_file Tool fsbridge.go FsBridge.WriteFile os command injection
Details

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.

Database specific
{
    "cwe_ids": [
        "CWE-77",
        "CWE-78"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/10xxx/CVE-2026-10219.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/nextlevelbuilder/goclaw

Affected ranges

Type
GIT
Repo
https://github.com/nextlevelbuilder/goclaw
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "3.11.0"
        },
        {
            "last_affected": "3.11.0"
        },
        {
            "introduced": "3.11.1"
        },
        {
            "last_affected": "3.11.1"
        },
        {
            "introduced": "3.11.2"
        },
        {
            "last_affected": "3.11.2"
        },
        {
            "introduced": "3.11.3"
        },
        {
            "last_affected": "3.11.3"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

3.*
3.11.0
3.11.1
3.11.2
3.11.3
lite-v3.*
lite-v3.9.1
v3.*
v3.11.0
v3.11.1
v3.11.2
v3.11.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10219.json"