CVE-2026-15319

Summary

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/access_control.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 3126. A patch should be applied to remediate this issue.

Affected Software

VendorProductVersion RangeStatus
SipeedPicoClaw0.2.0affected
SipeedPicoClaw0.2.1affected
SipeedPicoClaw0.2.2affected
SipeedPicoClaw0.2.3affected
SipeedPicoClaw0.2.4affected
SipeedPicoClaw0.2.5affected
SipeedPicoClaw0.2.6affected
SipeedPicoClaw0.2.7affected
SipeedPicoClaw0.2.8affected
SipeedPicoClaw0.2.9affected

Weaknesses

  • CWE-284: Improper Access Controls
  • CWE-266: Incorrect Privilege Assignment

References