๐Ÿ” CVE Alert

CVE-2026-16083

MEDIUM 5.3

Sipeed PicoClaw LINE Webhook line.go webhook.ParseRequest authentication replay

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed automatically with the label "not planned" by a bot.

CWE CWE-294 CWE-287
Vendor sipeed
Product picoclaw
Published Jul 18, 2026
Stay Ahead of the Next One

Get instant alerts for sipeed picoclaw

Be the first to know when new medium vulnerabilities affecting sipeed picoclaw are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Sipeed / PicoClaw
0.2.0 0.2.1 0.2.2 0.2.3 0.2.4 0.2.5 0.2.6 0.2.7 0.2.8 0.2.9

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/379795 vuldb.com: https://vuldb.com/vuln/379795/cti vuldb.com: https://vuldb.com/cve/CVE-2026-16083 vuldb.com: https://vuldb.com/submit/852945 github.com: https://github.com/sipeed/picoclaw/issues/3073 github.com: https://github.com/sipeed/picoclaw/

Credits

๐Ÿ” Eric-i (VulDB User) VulDB CNA Team