CVE-2026-16082
EUVD-2026-4535818.07.2026, 09:17
A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipeline_execute.go. The manipulation of the argument cwe leads to time-of-check time-of-use. The attack must be carried out locally. The exploit is publicly available and might be used. The reported GitHub issue was closed automatically with the label "not planned" by a bot.
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| sipeed | picoclaw | 0.2.0 | CNA |
| sipeed | picoclaw | 0.2.1 | CNA |
| sipeed | picoclaw | 0.2.2 | CNA |
| sipeed | picoclaw | 0.2.3 | CNA |
| sipeed | picoclaw | 0.2.4 | CNA |
| sipeed | picoclaw | 0.2.5 | CNA |
| sipeed | picoclaw | 0.2.6 | CNA |
| sipeed | picoclaw | 0.2.7 | CNA |
| sipeed | picoclaw | 0.2.8 | CNA |
| sipeed | picoclaw | 0.2.9 | CNA |