CVE-2026-16082
Received Received - Intake

Time-of-Check Time-of-Use in Sipeed PicoClaw

Vulnerability report for CVE-2026-16082, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: VulDB

Description

A vulnerability was identified in Sipeed PicoClaw up to 0.2.9. The impacted element is the function ExecTool.executeRun of the file pkg/agent/pipeline_execute.go. The manipulation of the argument cwe leads to time-of-check time-of-use. The attack must be carried out locally. The exploit is publicly available and might be used. The reported GitHub issue was closed automatically with the label "not planned" by a bot.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-19
AI Q&A
2026-07-18
EPSS Evaluated
2026-07-18
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sipeed picoclaw to 0.2.9 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a Time-of-Check Time-of-Use (TOCTOU) race condition in Sipeed PicoClaw up to version 0.2.9. It affects the ExecTool.executeRun function in pkg/agent/pipeline_execute.go. The issue occurs because the approval process checks the working directory before execution but does not bind it to an immutable identity. An attacker can change a symlink target between approval and execution, causing the command to run in a different directory than approved. This breaks the integrity of approval decisions.

Detection Guidance

To detect CVE-2026-16082, monitor for unusual symlink behavior in PicoClaw's exec tool approval process. Check for rapid changes in directory targets during command execution. Review logs for discrepancies between approved and executed directories. No specific commands are provided in the context, but inspect PicoClaw logs and file system operations involving symlinks.

Impact Analysis

This vulnerability allows an attacker with local access to manipulate symlinks in the approved workspace. This could cause approved commands to execute in unintended directories, potentially leading to unauthorized file operations or command behavior changes. While it does not enable workspace escape, it undermines the trustworthiness of the approval mechanism, which could result in unintended system modifications or data corruption.

Compliance Impact

This vulnerability, a TOCTOU race condition in PicoClaw's exec tool, could undermine compliance with GDPR and HIPAA by potentially allowing unauthorized file operations or command execution within approved directories. If exploited, it might enable data leakage or unauthorized access to sensitive information, violating integrity and confidentiality requirements of these regulations.

Mitigation Strategies

Immediately upgrade PicoClaw to the latest version beyond 0.2.9 if available. Restrict exec tool usage to trusted directories and users. Disable symlink resolution in the approval process if possible. Monitor for suspicious symlink modifications in workspaces. Avoid using PicoClaw in environments with untrusted users.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16082. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart