CVE-2026-16124 | nextlevelbuilder GoClaw up to 3.15.0-beta.32 web_fetch web_shared.go CheckSSRF/isPrivateIP server-side request forgery (Issue 1218)
A vulnerability described as critical has been identified in nextlevelbuilder GoClaw up to 3.15.0-beta.32. This affects the function CheckSSRF/isPrivateIP of the file internal/tools/web_shared.go of the component web_fetch. Such manipulation leads to server-side request forgery.
This vulnerability is uniquely identified as CVE-2026-16124. The attack can be launched remotely. Moreover, an exploit is present.
Upgrading the affected component is recommended.