CVE-2026-16083
Received Received - Intake

Authentication Bypass in Sipeed PicoClaw via Capture-Replay

Vulnerability report for CVE-2026-16083, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: VulDB

Description

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed automatically with the label "not planned" by a bot.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-18
AI Q&A
2026-07-18
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sipeed pico_claw to 0.2.9 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-294 A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an authentication bypass flaw in Sipeed PicoClaw up to version 0.2.9. It exists in the LINE Webhook component's webhook.ParseRequest function in pkg/channels/line/line.go. The issue allows attackers to bypass authentication by capturing and replaying valid requests, enabling unauthorized access to the system.

Detection Guidance

To detect this vulnerability, monitor for duplicate LINE webhook events with identical message IDs being processed multiple times. Check logs for repeated API calls or downstream agent actions from the same source. Inspect network traffic for repeated POST requests to /webhook/line with the same payload.

Impact Analysis

This vulnerability may allow remote attackers to impersonate legitimate users or systems by replaying captured authentication tokens. This could lead to unauthorized actions, data access, or control over affected systems. Since exploit code is publicly available, the risk of real-world attacks is elevated.

Compliance Impact

This vulnerability could lead to unauthorized access to sensitive data, violating confidentiality requirements in GDPR and HIPAA. Organizations using affected versions may face compliance violations, potential fines, and reputational damage due to insufficient authentication controls.

Mitigation Strategies

Immediately upgrade Sipeed PicoClaw to a version beyond 0.2.9 to address the authentication bypass flaw in the LINE Webhook component. If an upgrade is not available, disable the affected webhook functionality or restrict network access to the vulnerable service.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16083. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart