CVE-2026-15320

Summary

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. The reported GitHub issue was closed automatically due to inactivity.

Affected Software

VendorProductVersion RangeStatus
SipeedPicoClaw0.2.0affected
SipeedPicoClaw0.2.1affected
SipeedPicoClaw0.2.2affected
SipeedPicoClaw0.2.3affected
SipeedPicoClaw0.2.4affected
SipeedPicoClaw0.2.5affected
SipeedPicoClaw0.2.6affected
SipeedPicoClaw0.2.7affected
SipeedPicoClaw0.2.8affected
SipeedPicoClaw0.2.9affected

Weaknesses

  • CWE-862: Missing Authorization
  • CWE-863: Incorrect Authorization

References