๐Ÿ” CVE Alert

CVE-2026-16084

HIGH 7.3

Sipeed PicoClaw web.go web_fetch server-side request forgery

CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function web_fetch of the file pkg/tools/integration/web.go. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Patch name: c15aac21fe05ee103a470e1104bc891754e83392. To fix this issue, it is recommended to deploy a patch.

CWE CWE-918
Vendor sipeed
Product picoclaw
Published Jul 18, 2026
Stay Ahead of the Next One

Get instant alerts for sipeed picoclaw

Be the first to know when new high vulnerabilities affecting sipeed picoclaw are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Sipeed / PicoClaw
0.2.0 0.2.1 0.2.2 0.2.3 0.2.4 0.2.5 0.2.6 0.2.7 0.2.8 0.2.9

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/379796 vuldb.com: https://vuldb.com/vuln/379796/cti vuldb.com: https://vuldb.com/cve/CVE-2026-16084 vuldb.com: https://vuldb.com/submit/852946 github.com: https://github.com/sipeed/picoclaw/issues/3074 github.com: https://github.com/sipeed/picoclaw/pull/3143 github.com: https://github.com/sipeed/picoclaw/commit/c15aac21fe05ee103a470e1104bc891754e83392 github.com: https://github.com/sipeed/picoclaw/

Credits

๐Ÿ” Eric-i (VulDB User)