CVE-2026-15629 | louisho5 picobot up to 0.2.0 Workspace filesystem.go CreateSkill/GetSkill link following (Issue 40)
A vulnerability was found in louisho5 picobot up to 0.2.0 and classified as critical. Impacted is the function CreateSkill/GetSkill of the file internal/agent/tools/filesystem.go of the component Workspace Handler. Executing a manipulation can lead to link following.
This vulnerability is registered as CVE-2026-15629. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More