What is CVE-2026-7505?

CVE-2026-7505 is a high-severity vulnerability in Nextlevelbuilder Goclaw, classified under Incorrect Privilege Assignment. CVSS score: 7.3/10. Published 2026-04-30.

How severe is CVE-2026-7505?

High severity. CVSS v3 base score is 7.3 out of 10.

Auth bypass in Nextlevelbuilder Goclaw

CVE-2026-7505

A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit…

EPSS: 0.000 (6.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Nextlevelbuilder Goclaw — versions 3.8.0, 3.8.1, 3.8.2
Nextlevelbuilder Goclaw Lite — versions 3.8.0, 3.8.1, 3.8.2

Weakness classification (CWE)

References

VDB-360314 | nextlevelbuilder GoClaw/GoClaw Lite RPC improper authorization (vdb-entry)
VDB-360314 | CTI Indicators (IOB, IOC, TTP) (signature, permissions-required)
Submit #803458 | Goclaw V0.4.0 Command execution (third-party-advisory)
cna@vuldb.com (issue-tracking, exploit)
cna@vuldb.com (issue-tracking, patch)
cna@vuldb.com (patch)
cna@vuldb.com (patch)
cna@vuldb.com (product)

Frequently asked questions

What is CVE-2026-7505?: CVE-2026-7505 is a high-severity vulnerability in Nextlevelbuilder Goclaw, classified under Incorrect Privilege Assignment. CVSS score: 7.3/10. Published 2026-04-30.
How severe is CVE-2026-7505?: High severity. CVSS v3 base score is 7.3 out of 10.