CVE-2026-15669
louisho5 picobot exec Tool exec.go ExecTool.Execute os command injection
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
| CWE | CWE-78 CWE-77 |
| Vendor | louisho5 |
| Product | picobot |
| Published | Jul 14, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for louisho5 picobot
Be the first to know when new medium vulnerabilities affecting louisho5 picobot are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
louisho5 / picobot
0.1 0.2.0
References
vuldb.com: https://vuldb.com/vuln/378163 vuldb.com: https://vuldb.com/vuln/378163/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15669 vuldb.com: https://vuldb.com/submit/855869 vuldb.com: https://vuldb.com/submit/855870 github.com: https://github.com/louisho5/picobot/issues/42 github.com: https://github.com/louisho5/picobot/issues/43 github.com: https://github.com/louisho5/picobot/
Credits
๐ Eric-h (VulDB User) VulDB CNA Team