Description
A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/create_video_byteplus.go of the component invoke Endpoint. The manipulation of the argument output.video_url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Problem types
Product status
Timeline
| 2026-07-13: | Advisory disclosed |
| 2026-07-13: | VulDB entry created |
| 2026-07-13: | VulDB entry last update |
Credits
Eric-b (VulDB User)
References
vuldb.com/vuln/378126 (VDB-378126 | nextlevelbuilder GoClaw invoke Endpoint create_video_byteplus.go bytePlusDownloadVideo server-side request forgery)
vuldb.com/vuln/378126/cti (VDB-378126 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/cve/CVE-2026-15624 (CVE-2026-15624 | CVE Analysis and Report)
vuldb.com/submit/855798 (Submit #855798 | nextlevelbuilder GoClaw 3.13.3-beta.3 Server-Side Request Forgery (CWE-918))
github.com/nextlevelbuilder/goclaw/issues/1199
github.com/nextlevelbuilder/goclaw/