CVE-2026-16084
EUVD-2026-4536718.07.2026, 09:17
A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function web_fetch of the file pkg/tools/integration/web.go. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Patch name: c15aac21fe05ee103a470e1104bc891754e83392. To fix this issue, it is recommended to deploy a patch.
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| sipeed | picoclaw | 0.2.0 | CNA |
| sipeed | picoclaw | 0.2.1 | CNA |
| sipeed | picoclaw | 0.2.2 | CNA |
| sipeed | picoclaw | 0.2.3 | CNA |
| sipeed | picoclaw | 0.2.4 | CNA |
| sipeed | picoclaw | 0.2.5 | CNA |
| sipeed | picoclaw | 0.2.6 | CNA |
| sipeed | picoclaw | 0.2.7 | CNA |
| sipeed | picoclaw | 0.2.8 | CNA |
| sipeed | picoclaw | 0.2.9 | CNA |
References