PT-2026-60927 · Sipeed · Picoclaw

·

CVE-2026-16085

·

Published

2026-07-18

·

Updated

2026-07-18

CVSS v3.1

5.3

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions Sipeed PicoClaw versions prior to 0.3.0
Description A local code inclusion issue exists in the NewContextBuilder() function within the pkg/agent/context.go file. This flaw allows a local attacker to include functionality from an untrusted control sphere into the application.
Recommendations Update Sipeed PicoClaw to a version newer than 0.2.9. As a temporary mitigation, restrict local access to the system to prevent unauthorized interaction with the NewContextBuilder() function.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-16085

Affected Products

Picoclaw