๐Ÿ” CVE Alert

CVE-2026-15317

MEDIUM 6.3

Sipeed PicoClaw Guarded Web Fetch Flow web.go WebFetchTool.Execute server-side request forgery

CVSS Score
6.3
EPSS Score
0.2%
EPSS Percentile
16th

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed automatically due to inactivity.

CWE CWE-918
Vendor sipeed
Product picoclaw
Published Jul 10, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for sipeed picoclaw

Be the first to know when new medium vulnerabilities affecting sipeed picoclaw are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Sipeed / PicoClaw
0.2.0 0.2.1 0.2.2 0.2.3 0.2.4 0.2.5 0.2.6 0.2.7 0.2.8 0.2.9

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/377257 vuldb.com: https://vuldb.com/vuln/377257/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15317 vuldb.com: https://vuldb.com/submit/852877 github.com: https://github.com/sipeed/picoclaw/issues/3078 github.com: https://github.com/sipeed/picoclaw/

Credits

๐Ÿ” Eric-d (VulDB User) VulDB CNA Team