CVE-2026-16198 | Sipeed PicoClaw up to 0.2.9 First Run Setup access_control.go allowed_cidrs authentication bypass (Issue 3080)
A vulnerability marked as critical has been reported in Sipeed PicoClaw up to 0.2.9. The impacted element is an unknown function of the file web/backend/middleware/access_control.go of the component First Run Setup. Performing a manipulation of the argument allowed_cidrs results in authentication bypass using alternate channel.
This vulnerability was named CVE-2026-16198. The attack may be initiated remotely. In addition, an exploit is available.
Applying a patch is the recommended action to fix this issue.VulDB Recent EntriesRead More