High severity7.3NVD Advisory· Published Apr 25, 2026· Updated May 1, 2026
CVE-2026-6987
CVE-2026-6987
Description
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed of the problem early through an issue report but has not responded yet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/sipeed/picoclawGo | <= 0.2.4 | — |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/sipeed/picoclaw/issues/2307nvdExploitMitigationVendor AdvisoryIssue TrackingWEB
- github.com/advisories/GHSA-6r3x-h84w-fhxxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-6987ghsaADVISORY
- vuldb.com/submit/796336nvdThird Party AdvisoryVDB EntryWEB
- vuldb.com/vuln/359530nvdThird Party AdvisoryVDB EntryWEB
- vuldb.com/vuln/359530/ctinvdPermissions RequiredVDB EntryWEB
News mentions
0No linked articles in our index yet.