CVE-2026-15317
Received Received - Intake

Server-Side Request Forgery in Sipeed PicoClaw

Vulnerability report for CVE-2026-15317, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: VulDB

Description

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed automatically due to inactivity.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sipeed picoclaw to 0.2.9 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability can allow remote attackers to retrieve sensitive internal resources by bypassing SSRF protections. Attackers can exploit the proxy configuration to access loopback endpoints or cloud metadata that are normally protected, potentially leading to unauthorized data exposure.

Additionally, the vulnerability may lead to remote code execution or sensitive data leakage due to insufficient input validation in the MCP server integration.

Users of PicoClaw are advised to restrict MCP server access to trusted networks and monitor for unusual activity until a patch is released.

Executive Summary

CVE-2026-15317 is a security vulnerability in the Sipeed PicoClaw framework, specifically affecting the WebFetchTool.Execute function. It is a Server-Side Request Forgery (SSRF) protection bypass that occurs when certain proxy environment variables (like HTTP_PROXY) are set but the tool's proxy configuration remains empty. This mismatch allows an attacker to bypass SSRF protections by making the proxy connect to internal or loopback network resources that should be blocked.

The vulnerability arises because the SSRF guard only validates the proxy's first hop, but the proxy itself performs the final connection to an attacker-controlled destination, enabling unauthorized access to internal endpoints or cloud metadata.

Detection Guidance

This vulnerability can be detected by monitoring for unusual or unauthorized use of proxy environment variables such as HTTP_PROXY, HTTPS_PROXY, or ALL_PROXY when running the PicoClaw process, especially if the tool's proxy configuration is empty.

One practical detection method is to check if the PicoClaw process is started with these proxy environment variables set, which can enable the SSRF bypass.

Additionally, network monitoring for unexpected outbound requests to internal or loopback addresses via proxies can help identify exploitation attempts.

Suggested commands include:

  • On Linux/Unix systems, check environment variables for running PicoClaw processes: `ps aux | grep picoclaw` followed by `cat /proc/<pid>/environ | tr '\0' '\n' | grep -i proxy`
  • Monitor network traffic for unusual requests to internal or loopback addresses through proxies using tools like `tcpdump` or `wireshark`.
  • Review application logs for requests made via the web_fetch tool that include proxy usage or access to internal resources.
Mitigation Strategies

Immediate mitigation steps include restricting access to the MCP server and the PicoClaw process to trusted networks only.

Avoid setting or using environment variables like HTTP_PROXY, HTTPS_PROXY, or ALL_PROXY when running PicoClaw, especially if the tool's proxy configuration is not explicitly set.

Monitor and audit proxy usage to ensure that requests are not being routed through attacker-controlled proxies that could bypass SSRF protections.

Since no patch has been released yet, users should implement network-level controls and limit exposure until an official fix is available.

Compliance Impact

The CVE-2026-15317 vulnerability allows attackers to perform server-side request forgery (SSRF) that can lead to unauthorized access to internal resources and potential exposure of sensitive information. Such exposure could impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access and breaches.

Since the vulnerability enables attackers to retrieve internal resources and possibly sensitive data through proxy bypass, organizations using affected versions of PicoClaw may face increased risk of data leakage, which could violate confidentiality and data protection requirements mandated by these standards.

Mitigation steps such as restricting MCP server access to trusted networks and monitoring for unusual activity are recommended to reduce the risk and help maintain compliance.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15317. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart