CVE-2026-16081
EUVD-2026-4535718.07.2026, 08:16
A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 4b0229351678f479429b8d8b19207757266f246b. Applying a patch is advised to resolve this issue.
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| sipeed | picoclaw | 0.2.0 | CNA |
| sipeed | picoclaw | 0.2.1 | CNA |
| sipeed | picoclaw | 0.2.2 | CNA |
| sipeed | picoclaw | 0.2.3 | CNA |
| sipeed | picoclaw | 0.2.4 | CNA |
| sipeed | picoclaw | 0.2.5 | CNA |
| sipeed | picoclaw | 0.2.6 | CNA |
| sipeed | picoclaw | 0.2.7 | CNA |
| sipeed | picoclaw | 0.2.8 | CNA |
| sipeed | picoclaw | 0.2.9 | CNA |
Common Weakness Enumeration
References