A vulnerability classified as critical has been found in nextlevelbuilder GoClaw up to 3.11.3 . Affected by this issue is the function Import of the file internal/http/tts_config.go of the component TTS Configuration Endpoint . The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2026-10583 . It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The project tagged the reported issue as bug.