High severity7.3NVD Advisory· Published Apr 25, 2026· Updated May 1, 2026
CVE-2026-6987
CVE-2026-6987
Description
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed of the problem early through an issue report but has not responded yet.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/sipeed/picoclawGo | <= 0.2.4 | — |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/sipeed/picoclaw/issues/2307nvdExploitMitigationVendor AdvisoryIssue TrackingWEB
- github.com/advisories/GHSA-6r3x-h84w-fhxxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-6987ghsaADVISORY
- vuldb.com/submit/796336nvdThird Party AdvisoryVDB EntryWEB
- vuldb.com/vuln/359530nvdThird Party AdvisoryVDB EntryWEB
- vuldb.com/vuln/359530/ctinvdPermissions RequiredVDB EntryWEB
News mentions
0No linked articles in our index yet.