CVE-2026-16198 | Sipeed PicoClaw up to 0.2.9 First Run Setup access_control.go allowed_cidrs authentication bypass (Issue 3080)

SecurityVulns

A vulnerability marked as critical has been reported in Sipeed PicoClaw up to 0.2.9. The impacted element is an unknown function of the file web/backend/middleware/access_control.go of the component First Run Setup. Performing a manipulation of the argument allowed_cidrs results in authentication bypass using alternate channel.

This vulnerability was named CVE-2026-16198. The attack may be initiated remotely. In addition, an exploit is available.

Applying a patch is the recommended action to fix this issue.VulDB Recent EntriesRead More