PT-2026-60927 · Sipeed · Picoclaw
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Sipeed PicoClaw versions prior to 0.3.0
Description
A local code inclusion issue exists in the
NewContextBuilder() function within the pkg/agent/context.go file. This flaw allows a local attacker to include functionality from an untrusted control sphere into the application.Recommendations
Update Sipeed PicoClaw to a version newer than 0.2.9.
As a temporary mitigation, restrict local access to the system to prevent unauthorized interaction with the
NewContextBuilder() function.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Picoclaw