OS Command Injection Vulnerability in Picoclaw by Sipeed
CVE-2026-36045

Currently unrated

Key Information:

Vendor

Sipeed

Status
Vendor
CVE Published:
27 May 2026

What is CVE-2026-36045?

Picoclaw, an open-source tool developed by Sipeed, is susceptible to OS command injection due to an incomplete denylist in the ExecTool component. Specifically, the guardCommand() function inadequately restricts shell command execution, allowing attackers to exploit this weakness by executing arbitrary commands on the host system. Users of Picoclaw, especially those utilizing versions up to and including v0.1.2, are urged to implement immediate countermeasures to protect their systems.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.