Description
A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed automatically due to inactivity.
Problem types
Product status
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
Timeline
| 2026-07-09: | Advisory disclosed |
| 2026-07-09: | VulDB entry created |
| 2026-07-09: | VulDB entry last update |
Credits
Eric-d (VulDB User)
VulDB CNA Team
References
vuldb.com/vuln/377257 (VDB-377257 | Sipeed PicoClaw Guarded Web Fetch Flow web.go WebFetchTool.Execute server-side request forgery)
vuldb.com/vuln/377257/cti (VDB-377257 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/cve/CVE-2026-15317 (CVE-2026-15317 | CVE Analysis and Report)
vuldb.com/submit/852877 (Submit #852877 | Sipeed PicoClaw <= 0.2.9 Server-Side Request Forgery (CWE-918))
github.com/sipeed/picoclaw/issues/3078
github.com/sipeed/picoclaw/