PT-2026-60926 · Sipeed · Picoclaw

·

CVE-2026-16084

·

Published

2026-07-18

·

Updated

2026-07-18

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Sipeed PicoClaw versions prior to 0.3.0
Description An issue exists in the web fetch() function within the pkg/tools/integration/web.go file that allows for server-side request forgery (SSRF), a condition where an attacker can induce the server to make requests to an unintended location. This flaw enables remote exploitation.
Recommendations Deploy patch c15aac21fe05ee103a470e1104bc891754e83392 for versions prior to 0.3.0.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-16084

Affected Products

Picoclaw