CVE-2026-10583 – nextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgery

CVE ID :CVE-2026-10583

Published : June 2, 2026, 4:17 a.m. | 15 minutes ago

Description :A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project tagged the reported issue as bug.

Severity: 5.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-8206 – Kirki 6.0.0 – 6.0.6 – Unauthenticated Privilege Escalation via ‘handle_forgot_password’

CVE-2026-3198 – Improper Access Control in mlflow/mlflow

CVE-2026-10581 – DedeCMS download.php base64_decode server-side request forgery

CVE-2026-3871 – Zyxel UPnP Buffer Overflow Denial-of-Service