CVE-2026-16195
Received Received - Intake

Incorrect Authorization in Sipeed PicoClaw

Vulnerability report for CVE-2026-16195, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: VulDB

Description

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This issue affects the function dispatchIncoming of the file pkg/channels/wecom/wecom.go of the component Group Message Handler. The manipulation results in incorrect authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed automatically due to inactivity.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-19
AI Q&A
2026-07-19
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sipeed pico_claw to 0.2.9 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an incorrect authorization flaw in Sipeed PicoClaw up to version 0.2.9. It exists in the Group Message Handler component, specifically in the function dispatchIncoming within the file pkg/channels/wecom/wecom.go. The issue allows unauthorized remote access due to improper authorization checks.

Impact Analysis

The vulnerability enables remote attackers to bypass authorization and potentially gain unauthorized access to sensitive functions or data. Since the exploit is publicly available, the risk of attacks is higher. Users of affected versions should update immediately to mitigate potential risks.

Compliance Impact

The vulnerability involves incorrect authorization in the Group Message Handler of Sipeed PicoClaw, allowing remote attacks. This could lead to unauthorized access or data exposure, which may violate compliance requirements under GDPR (data protection) or HIPAA (health data privacy) if exploited.

Mitigation Strategies

Immediately update Sipeed PicoClaw to a version beyond 0.2.9 to address the authorization flaw in the Group Message Handler component. If an update is unavailable, restrict network access to the vulnerable component or disable it entirely until a patch is applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16195. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart