Improper Link Resolution in louisho5 picobot Component
CVE-2026-15629
Key Information:
Badges
What is CVE-2026-15629?
A weakness has been discovered in the louisho5 picobot's Workspace Handler, specifically in the CreateSkill/GetSkill functions found in the filesystem.go file. This vulnerability enables an attacker to manipulate link following behavior, potentially allowing unauthorized access and exploitation. The flaw can be triggered remotely, making it a significant concern for users of picobot version 0.2.0 and earlier. Despite being informed of this issue, the project maintainers have yet to address the reported problem.
Affected Version(s)
picobot 0.1
picobot 0.2.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
