CVE-2026-16085 | Sipeed PicoClaw up to 0.2.9 pkg/agent/context.go NewContextBuilder inclusion of functionality from untrusted control sphere (Issue 3075)
A vulnerability was found in Sipeed PicoClaw up to 0.2.9 and classified as problematic. Affected is the function NewContextBuilder of the file pkg/agent/context.go. Such manipulation leads to inclusion of functionality from untrusted control sphere.
This vulnerability is documented as CVE-2026-16085. The attack needs to be performed locally. Additionally, an exploit exists.
The reported GitHub issue was closed automatically with the label “not planned” by a bot.VulDB Recent EntriesRead More