No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Sat, 18 Jul 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipeline_execute.go. The manipulation of the argument cwe leads to time-of-check time-of-use. The attack must be carried out locally. The exploit is publicly available and might be used. The reported GitHub issue was closed automatically with the label "not planned" by a bot. | |
| Title | Sipeed PicoClaw pipeline_execute.go ExecTool.executeRun toctou | |
| First Time appeared |
Sipeed
Sipeed picoclaw |
|
| Weaknesses | CWE-362 CWE-367 |
|
| CPEs | cpe:2.3:a:sipeed:picoclaw:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Sipeed
Sipeed picoclaw |
|
| References |
| |
| Metrics |
cvssV2_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-18T08:15:07.934Z
Reserved: 2026-07-17T13:49:58.787Z
Link: CVE-2026-16082
No data.
No data.
No data.
OpenCVE Enrichment
No data.