Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable endpoint requires low-privilege auth (PR:L); symlink traversal yields limited file read/write with no scope change.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A weakness has been identified in louisho5 picobot up to 0.2.0. Impacted is the function CreateSkill/GetSkill of the file internal/agent/tools/filesystem.go of the component Workspace Handler. Executing a manipulation can lead to link following. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Link-following vulnerability in louisho5 picobot up to version 0.2.0 allows a remote, low-privileged attacker to traverse outside the intended workspace directory via the CreateSkill and GetSkill functions in the filesystem handler. The root cause is improper symlink resolution (CWE-59) in internal/agent/tools/filesystem.go, enabling potential unauthorized file read and write operations on the host filesystem. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid low-privilege account or API credential on the target picobot instance, as indicated by PR:L in the CVSS 4.0 vector. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L) scores 5.3, indicating medium severity with low individual impact across confidentiality, integrity, and availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote attacker with low-privilege access to a picobot instance crafts a skill creation request containing a symbolic link pointing to a sensitive file outside the workspace directory (e.g., /etc/passwd or application secrets). When the GetSkill function resolves the path without validating the symlink target, the server returns or writes to the attacker-controlled out-of-bounds location. … |
| Remediation | No vendor-released patch has been identified at time of analysis; the project maintainer has not responded to the disclosure as of the report date. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Server-side request forgery in louisho5 picobot up to version 0.2.0 allows authenticated remote attackers to manipulate
OS command injection in louisho5 picobot up to version 0.2.0 allows local low-privileged attackers to execute arbitrary
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43618
GHSA-3w4p-rmf6-8x3x