CVE-2026-16082 | Sipeed PicoClaw up to 0.2.9 pipeline_execute.go ExecTool.executeRun cwe toctou (Issue 3081)

SecurityVulns

A vulnerability, which was classified as problematic, has been found in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipeline_execute.go. The manipulation of the argument cwe leads to time-of-check time-of-use.

This vulnerability is listed as CVE-2026-16082. The attack must be carried out locally. In addition, an exploit is available.

The reported GitHub issue was closed automatically with the label “not planned” by a bot.VulDB Recent EntriesRead More