Skip to main content

Sipeed PicoClaw EUVDEUVD-2026-42765

| CVE-2026-15318 LOW
Incorrect Authorization (CWE-863)
2026-07-10 VulDB GHSA-8f88-w9gq-227v
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.3 MEDIUM

Network-accessible MQTT service exploited by low-privilege connected client via client_id manipulation; no scope change; low and symmetric C/I/A impact consistent with CVSS 4.0 VC:L/VI:L/VA:L.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Severity Changed
Jul 10, 2026 - 02:22 NVD
MEDIUM LOW
CVSS changed
Jul 10, 2026 - 02:22 NVD
5.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Jul 10, 2026 - 01:57 vuln.today
CVE Published
Jul 10, 2026 - 01:30 cve.org
MEDIUM 5.3

DescriptionCVE.org

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument client_id causes incorrect authorization. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed automatically due to inactivity.

AnalysisAI

Incorrect authorization in Sipeed PicoClaw's MQTT Channel Handler (pkg/channels/mqtt/mqtt.go) through version 0.2.9 allows remote low-privileged attackers to bypass access controls by manipulating the client_id argument, enabling unauthorized access to MQTT channels belonging to other clients. A public proof-of-concept exploit exists via the referenced GitHub issue, elevating practical risk beyond the moderate CVSS 4.0 score of 5.3. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain network access to MQTT broker
Delivery
Establish low-privilege MQTT connection
Exploit
Craft MQTT request with spoofed client_id value
Execution
Trigger flawed authorization check in mqtt.go
Persist
Assume unauthorized channel access permissions
Impact
Intercept or inject MQTT messages targeting victim client

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to have network connectivity to the Sipeed PicoClaw MQTT broker and the ability to initiate a low-privilege MQTT connection (consistent with PR:L in the CVSS 4.0 vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P) places this as a network-exploitable, low-complexity vulnerability requiring only low-privilege access, with a proof-of-concept exploitability modifier, yielding a score of 5.3 (medium). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privilege access to the MQTT broker - such as a legitimately registered IoT device or any client on the same network segment - uses the publicly available proof-of-concept to send an MQTT connection or channel-access request with a spoofed `client_id` belonging to a different, higher-privilege client. The PicoClaw MQTT Channel Handler's flawed authorization logic accepts the manipulated identifier without verifying it against the authenticated session, granting the attacker read and write access to the victim client's MQTT channels and enabling message interception or injection within the IoT messaging fabric.
Remediation No vendor-released patch has been identified at time of analysis - the associated GitHub issue (https://github.com/sipeed/picoclaw/issues/3068) was closed automatically due to inactivity rather than through a code fix, and no patched release is reflected in the CPE data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42765 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy