No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
Sat, 18 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Impacted is the function isPrivateOrRestrictedIP of the file pkg/tools/integration/web.go of the component web_fetch. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. Patch name: 2efbe5d560e7ed9bc5209c203dc4aa6ecdbc7405. To fix this issue, it is recommended to deploy a patch. | |
| Title | Sipeed PicoClaw web_fetch web.go isPrivateOrRestrictedIP server-side request forgery | |
| First Time appeared |
Sipeed
Sipeed picoclaw |
|
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:sipeed:picoclaw:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Sipeed
Sipeed picoclaw |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-18T22:45:13.066Z
Reserved: 2026-07-18T07:22:33.012Z
Link: CVE-2026-16196
No data.
No data.
No data.
OpenCVE Enrichment
No data.
-
CWE-918
Server-Side Request Forgery (SSRF)