PT-2026-60923 · Sipeed · Picoclaw

·

CVE-2026-16081

·

Published

2026-07-18

·

Updated

2026-07-18

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Sipeed PicoClaw versions prior to 0.2.10
Description An issue exists in an unknown function within the web/backend/api/auth.go file that allows remote attackers to perform cross-site request forgery (CSRF), a technique where a malicious website causes a user's web browser to perform an unwanted action on a different website where the user is authenticated.
Recommendations Apply patch 4b0229351678f479429b8d8b19207757266f246b to resolve the issue.

Exploit

Fix

Missing Authorization

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-16081

Affected Products

Picoclaw