CVE-2026-15317

Summary

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed automatically due to inactivity.

Affected Software

VendorProductVersion RangeStatus
SipeedPicoClaw0.2.0affected
SipeedPicoClaw0.2.1affected
SipeedPicoClaw0.2.2affected
SipeedPicoClaw0.2.3affected
SipeedPicoClaw0.2.4affected
SipeedPicoClaw0.2.5affected
SipeedPicoClaw0.2.6affected
SipeedPicoClaw0.2.7affected
SipeedPicoClaw0.2.8affected
SipeedPicoClaw0.2.9affected

Weaknesses

  • CWE-918: Server-Side Request Forgery

References