PT-2026-60925 · Sipeed · Picoclaw

·

CVE-2026-16083

·

Published

2026-07-18

·

Updated

2026-07-18

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Sipeed PicoClaw versions prior to 0.3.0
Description An authentication bypass exists in the LINE Webhook component due to a capture-replay flaw. A remote attacker can exploit this by manipulating the webhook.ParseRequest() function within the pkg/channels/line/line.go file. Capture-replay is a technique where a valid data transmission is recorded and then re-sent to the system to trick it into granting unauthorized access.
Recommendations Update Sipeed PicoClaw to version 0.3.0 or later. As a temporary mitigation, restrict access to the LINE Webhook component to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-16083

Affected Products

Picoclaw