OS Command Injection Vulnerability in Picoclaw by Sipeed
CVE-2026-36045
Currently unrated
What is CVE-2026-36045?
Picoclaw, an open-source tool developed by Sipeed, is susceptible to OS command injection due to an incomplete denylist in the ExecTool component. Specifically, the guardCommand() function inadequately restricts shell command execution, allowing attackers to exploit this weakness by executing arbitrary commands on the host system. Users of Picoclaw, especially those utilizing versions up to and including v0.1.2, are urged to implement immediate countermeasures to protect their systems.
