GoClaw Gateway Auth Bypass: Viewer Privilege Escalation to Admin for TTS/Storage Config

github.com 2026-06-01查看中文 →

Security AdvisoryHighnextlevelbuilder/goclaw

Affected:

goclaw <= 3.11.3

Referenced CVEs: CVE-2026-10217 · 6.3

文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive

This content was auto-fetched from github.com, cleaned by our LLM pipeline, and translated to English. View original.

More from this source

Hermes Agent Feishu Webhook Pre-Auth Rate-Limit Bypass DoS 2026-06-01 Hermes-Agent .env Parser Semantic Injection via Substring Splitting (RCE/Credential Theft) 2026-06-01 Unauthenticated Arbitrary User Creation (Privilege Escalation) in add_user_check.php - Broken Access Control 2026-06-01 hermes-agent Persistent Prompt Injection Bypass via Regex Evasion 2026-06-01 SQL Injection Auth Bypass in login_check.php (Admin Session Acquisition) 2026-06-01

Offline Archive

Offline screenshot & PDF are Pro-exclusive