CVE-2026-15318
Received Received - Intake

Incorrect Authorization in Sipeed PicoClaw via MQTT Client ID Manipulation

Vulnerability report for CVE-2026-15318, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: VulDB

Description

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument client_id causes incorrect authorization. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The reported GitHub issue was closed automatically due to inactivity.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sipeed picoclaw to 0.2.9 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects the MQTT channel implementation in Sipeed PicoClaw versions up to 0.2.9. It arises because the system extracts the client_id directly from the MQTT topic path, which is controlled by the client and not authenticated by the MQTT broker.

An attacker can spoof the client_id in the topic path to impersonate an allowlisted sender. The authorization logic relies on a raw string comparison of this client_id, trusting the topic-derived value rather than a broker-authenticated identity.

This allows the attacker to bypass authorization checks and send unauthorized messages, potentially injecting prompts, triggering tool execution, consuming API/model budgets, or accessing sensitive workflow context.

Impact Analysis

The impact of this vulnerability includes unauthorized access and actions within the PicoClaw system via the MQTT channel.

  • Attackers can bypass authorization and send unauthorized messages.
  • They may inject malicious prompts or commands.
  • Attackers can trigger unintended tool executions.
  • They might consume API or model usage budgets, potentially leading to denial of service or increased costs.
  • Sensitive workflow context or data could be accessed by unauthorized parties.
Detection Guidance

This vulnerability can be detected by monitoring MQTT traffic for messages where the client_id in the topic path is spoofed or does not match authenticated identities. Since the MQTT channel extracts client_id directly from the topic segment and uses it for authorization without broker authentication, unusual or unauthorized client_id values in the topic path may indicate exploitation attempts.

Detection can involve inspecting MQTT topics matching the pattern /picoclaw/{agent_id}/{client_id}/request and verifying if the client_id corresponds to a legitimate, authenticated sender.

While specific commands are not provided in the resources, network administrators can use MQTT client tools or network packet capture utilities (e.g., tcpdump, Wireshark) to filter and analyze MQTT publish messages for suspicious client_id values.

  • Use tcpdump or Wireshark to capture MQTT traffic and filter for topics matching /picoclaw/*/*/request.
  • Use MQTT client tools (e.g., mosquitto_sub) to subscribe to relevant topics and monitor client_id values in real time.
  • Check logs of the MQTT broker or PicoClaw application for authorization failures or unexpected client_id usage.
Mitigation Strategies

Immediate mitigation steps include restricting access to the MQTT broker to trusted clients and networks to reduce the risk of unauthorized message injection.

Since the vulnerability arises from trusting client_id values extracted from MQTT topic paths without broker authentication, it is important to implement or enforce proper authentication and authorization mechanisms at the MQTT broker level.

Additionally, monitoring and logging MQTT traffic for suspicious client_id spoofing attempts can help detect exploitation early.

Users should also consider applying any patches or updates once they become available from the PicoClaw project, although no patch is currently mentioned.

Compliance Impact

The vulnerability allows an attacker to bypass authorization checks by spoofing the client_id in the MQTT topic path, potentially enabling unauthorized access to sensitive workflow context and the ability to inject prompts or trigger tool execution.

Such unauthorized access and manipulation could lead to violations of data protection and privacy requirements found in common standards and regulations like GDPR and HIPAA, which mandate strict controls over access to sensitive data and proper authorization mechanisms.

Because the vulnerability enables attackers to circumvent intended authorization protections, it may result in non-compliance with these regulations if exploited, especially where personal or sensitive data is involved.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15318. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart