CVE-2026-10219

EUVD-2026-33540
A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Common Weakness Enumeration
References
https://github.com/nextlevelbuilder/goclaw/
https://github.com/nextlevelbuilder/goclaw/issues/1121
https://github.com/nextlevelbuilder/goclaw/pull/1155
https://vuldb.com/cve/CVE-2026-10219
https://vuldb.com/submit/821939
https://vuldb.com/vuln/367498
https://vuldb.com/vuln/367498/cti