What is the CVSS score of CVE-2026-36045?

CVE-2026-36045 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.1%.

Which versions of picoclaw are affected by CVE-2026-36045?

Sipeed picoclaw v0.1.2 and earlier contains an OS command injection vulnerability in its shell execution component that allows attackers to execute arbitrary commands by bypassing insufficient input…

picoclaw CVE-2026-36045

Q: How to fix or mitigate CVE-2026-36045?

24 hours: Inventory all picoclaw v0.1.2 and earlier deployments; disable ExecTool functionality or restrict network access to administrative networks only via firewall rules. 7 days: Evaluate alternative device management solutions; implement temporary network segmentation isolating picoclaw to VPN/bastion access; establish detailed audit logging for ExecTool requests. 30 days: Monitor Sipeed repository and security advisories for patch availability; plan upgrade to patched version when released; complete migration to alternative tooling if picoclaw deprecation is feasible.

HIGH

OS Command Injection (CWE-78)

2026-05-27 cve@mitre.org

Command Injection

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Source Code Evidence Fetched

May 28, 2026 - 14:22 vuln.today

Analysis Generated

May 28, 2026 - 14:22 vuln.today

CVSS changed

May 28, 2026 - 14:22 NVD

7.3 (HIGH)

CVE Published

May 27, 2026 - 14:16 nvd

UNKNOWN (no severity yet)

DescriptionNVD

picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guardCommand() function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete.

AnalysisAI

OS command injection in sipeed picoclaw v0.1.2 and earlier allows remote attackers to bypass an incomplete denylist-based sanitizer in the ExecTool component and execute arbitrary shell commands on the host. The guardCommand() function in pkg/tools/shell.go relies on only eight regex denylist patterns, which is insufficient to block the wide range of shell metacharacters and command-chaining techniques available to an attacker. …

RemediationAI

24 hours: Inventory all picoclaw v0.1.2 and earlier deployments; disable ExecTool functionality or restrict network access to administrative networks only via firewall rules. 7 days: Evaluate alternative device management solutions; implement temporary network segmentation isolating picoclaw to VPN/bastion access; establish detailed audit logging for ExecTool requests. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-36045 vulnerability details – vuln.today

Back