CVE-2026-36045

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

CVE-2026-36045

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

PT-2026-43703

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

CVE-2026-36045

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

CVE-2026-36045

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

PicoClaw 安全漏洞

PicoClaw is a super-lightweight personal AI assistant tool developed by Sipeed. Versions of PicoClaw up to v0.1.2 contained security vulnerabilities. These vulnerabilities stemmed from the guardCommand function in the ExecTool component, which used incomplete 8 regular expression blacklists to...

CVE-2026-36045

CVE-2026-36045 affects picoclaw up to v0.1.2 (and earlier). The issue is an OS command injection in the ExecTool component (pkg/tools/shell.go) caused by an incomplete denylist in guardCommand() that attempts to restrict shell execution. The vulnerability description is consistently reported acro...

CVE-2026-6987

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

PicoClaw has an Injection issue in its Web Launcher Management Plane component

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

GHSA-6R3X-H84W-FHXX PicoClaw has an Injection issue in its Web Launcher Management Plane component

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

CVE-2026-6987

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

CVE-2026-6987

CVE-2026-6987 affects PicoClaw up to version 0.2.4, with the vulnerability located in the web component file path /api/gateway/restart within the Web Launcher Management Plane . The issue is described as a manipulation that leads to command injection and appears exploitable remotely. Concrete aff...

CVE-2026-6987

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

CVE-2026-6987 PicoClaw Web Launcher Management Plane restart command injection

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

EUVD-2026-25663

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

CVE-2026-6987 PicoClaw Web Launcher Management Plane restart command injection

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed o...

PT-2026-35158

Name of the Vulnerable Software and Affected Versions PicoClaw versions prior to 0.2.5 Description A command injection flaw exists in the Web Launcher Management Plane component. A remote attacker can perform a manipulation via the '/api/gateway/restart' endpoint to execute arbitrary commands...

PicoClaw 注入漏洞

PicoClaw is a super-lightweight personal AI assistant tool developed by Sipeed. Versions of PicoClaw 0.2.4 and earlier had a injection vulnerability. This vulnerability stemmed from an unknown function in the component Web Launcher Management Plane, specifically the file/api/gateway/restart, whic...