CVE-2026-16196 | Sipeed PicoClaw up to 0.2.9 web_fetch web.go isPrivateOrRestrictedIP server-side request forgery (Issue 3077)

SecurityVulns

A vulnerability identified as critical has been detected in Sipeed PicoClaw up to 0.2.9. Impacted is the function isPrivateOrRestrictedIP of the file pkg/tools/integration/web.go of the component web_fetch. This manipulation causes server-side request forgery.

This vulnerability is handled as CVE-2026-16196. The attack can be initiated remotely. Additionally, an exploit exists.

To fix this issue, it is recommended to deploy a patch.VulDB Recent EntriesRead More