A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function web_fetch of the file pkg/tools/integration/web.go. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Patch name: c15aac21fe05ee103a470e1104bc891754e83392. To fix this issue, it is recommended to deploy a patch.
Metrics
Affected Vendors & Products
References
History
Sat, 18 Jul 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A weakness has been identified in Sipeed PicoClaw up to 0.2.9. This impacts the function web_fetch of the file pkg/tools/integration/web.go. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. Patch name: c15aac21fe05ee103a470e1104bc891754e83392. To fix this issue, it is recommended to deploy a patch. | |
| Title | Sipeed PicoClaw web.go web_fetch server-side request forgery | |
| First Time appeared |
Sipeed
Sipeed picoclaw |
|
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:sipeed:picoclaw:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Sipeed
Sipeed picoclaw |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-18T09:00:10.981Z
Reserved: 2026-07-17T13:50:07.157Z
Link: CVE-2026-16084
No data.
No data.
No data.
OpenCVE Enrichment
No data.