Skip to main content

Picoclaw

5 CVEs product

Monthly

CVE-2026-15320 LOW POC Monitor

Missing authorization in Sipeed PicoClaw up to version 0.2.9 permits remote low-privileged attackers to invoke the rt.ReloadConfig function in pkg/channels/pico/pico.go by manipulating the message.send argument without proper authorization checks. The integrity and availability of the affected system are both at limited risk, as the CVSS 4.0 vector confirms no confidentiality exposure but allows unauthorized configuration reload or disruption. A public exploit exists (E:P), though the GitHub issue tracking the report was closed automatically due to inactivity, indicating no vendor remediation has been issued.

Authentication Bypass Picoclaw
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-15319 MEDIUM POC PATCH This Month

Improper access control in Sipeed PicoClaw up to version 0.2.9 allows remote unauthenticated attackers to bypass the IP allowlist enforced by the Launcher's web backend middleware. The flaw resides in the IPAllowlist function within web/backend/middleware/access_control.go, which fails to correctly enforce source-address restrictions, permitting unauthorized network access to protected endpoints. A public proof-of-concept exploit exists (GitHub issue #3069), and an upstream patch (PR #3126) has been submitted but a formally released patched version has not been independently confirmed.

Authentication Bypass Picoclaw
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2026-15318 LOW POC Monitor

Incorrect authorization in Sipeed PicoClaw's MQTT Channel Handler (pkg/channels/mqtt/mqtt.go) through version 0.2.9 allows remote low-privileged attackers to bypass access controls by manipulating the `client_id` argument, enabling unauthorized access to MQTT channels belonging to other clients. A public proof-of-concept exploit exists via the referenced GitHub issue, elevating practical risk beyond the moderate CVSS 4.0 score of 5.3. No vendor patch has been released - the upstream GitHub issue was closed automatically due to inactivity - leaving affected deployments without an official remediation path.

Authentication Bypass Picoclaw
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-15317 LOW POC Monitor

Server-side request forgery in Sipeed PicoClaw up to version 0.2.9 allows remote attackers to manipulate the WebFetchTool.Execute function within the Guarded Web Fetch Flow component, causing the server to issue arbitrary outbound requests on behalf of the attacker. The vulnerability carries a CVSS 4.0 base score of 2.1, reflecting limited confidentiality, integrity, and availability impact with no subsequent-system scope change. A public exploit has been released (E:P confirmed), but no vendor patch exists - the upstream GitHub issue was closed automatically due to inactivity, not resolution.

SSRF Picoclaw
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-6987 Go MEDIUM This Month

Remote command injection in PicoClaw Web Launcher Management Plane (versions up to 0.2.4) allows unauthenticated attackers to execute arbitrary system commands via the /api/gateway/restart endpoint. CVSS 7.3 (AV:N/AC:L/PR:N/UI:N) indicates network-accessible exploitation without authentication. Proof-of-concept code exists (CVSS:E:P). Vendor has not responded to responsible disclosure (reported via GitHub issue #2307), indicating no official patch is available. The Web Launcher Management Plane component suggests this affects administrative/control interfaces, making it a high-priority target for internet-exposed deployments.

Command Injection Picoclaw
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
EPSS 0% CVSS 2.1
LOW POC Monitor

Missing authorization in Sipeed PicoClaw up to version 0.2.9 permits remote low-privileged attackers to invoke the rt.ReloadConfig function in pkg/channels/pico/pico.go by manipulating the message.send argument without proper authorization checks. The integrity and availability of the affected system are both at limited risk, as the CVSS 4.0 vector confirms no confidentiality exposure but allows unauthorized configuration reload or disruption. A public exploit exists (E:P), though the GitHub issue tracking the report was closed automatically due to inactivity, indicating no vendor remediation has been issued.

Authentication Bypass Picoclaw
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Improper access control in Sipeed PicoClaw up to version 0.2.9 allows remote unauthenticated attackers to bypass the IP allowlist enforced by the Launcher's web backend middleware. The flaw resides in the IPAllowlist function within web/backend/middleware/access_control.go, which fails to correctly enforce source-address restrictions, permitting unauthorized network access to protected endpoints. A public proof-of-concept exploit exists (GitHub issue #3069), and an upstream patch (PR #3126) has been submitted but a formally released patched version has not been independently confirmed.

Authentication Bypass Picoclaw
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Incorrect authorization in Sipeed PicoClaw's MQTT Channel Handler (pkg/channels/mqtt/mqtt.go) through version 0.2.9 allows remote low-privileged attackers to bypass access controls by manipulating the `client_id` argument, enabling unauthorized access to MQTT channels belonging to other clients. A public proof-of-concept exploit exists via the referenced GitHub issue, elevating practical risk beyond the moderate CVSS 4.0 score of 5.3. No vendor patch has been released - the upstream GitHub issue was closed automatically due to inactivity - leaving affected deployments without an official remediation path.

Authentication Bypass Picoclaw
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Server-side request forgery in Sipeed PicoClaw up to version 0.2.9 allows remote attackers to manipulate the WebFetchTool.Execute function within the Guarded Web Fetch Flow component, causing the server to issue arbitrary outbound requests on behalf of the attacker. The vulnerability carries a CVSS 4.0 base score of 2.1, reflecting limited confidentiality, integrity, and availability impact with no subsequent-system scope change. A public exploit has been released (E:P confirmed), but no vendor patch exists - the upstream GitHub issue was closed automatically due to inactivity, not resolution.

SSRF Picoclaw
NVD VulDB GitHub
EPSS 1% CVSS 5.5
MEDIUM This Month

Remote command injection in PicoClaw Web Launcher Management Plane (versions up to 0.2.4) allows unauthenticated attackers to execute arbitrary system commands via the /api/gateway/restart endpoint. CVSS 7.3 (AV:N/AC:L/PR:N/UI:N) indicates network-accessible exploitation without authentication. Proof-of-concept code exists (CVSS:E:P). Vendor has not responded to responsible disclosure (reported via GitHub issue #2307), indicating no official patch is available. The Web Launcher Management Plane component suggests this affects administrative/control interfaces, making it a high-priority target for internet-exposed deployments.

Command Injection Picoclaw
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy