CVE-2026-16198
Received Received - Intake

Authentication Bypass in Sipeed PicoClaw via CIDR Manipulation

Vulnerability report for CVE-2026-16198, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-19

Last updated on: 2026-07-19

Assigner: VulDB

Description

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. The impacted element is an unknown function of the file web/backend/middleware/access_control.go of the component First Run Setup. Performing a manipulation of the argument allowed_cidrs results in authentication bypass using alternate channel. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used. The patch is named 017601354be38cb027ff3ffb01aed79bd5d12610. Applying a patch is the recommended action to fix this issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-19
Last Modified
2026-07-19
Generated
2026-07-19
AI Q&A
2026-07-19
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sipeed picoclaw to 0.2.9 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects Sipeed PicoClaw up to version 0.2.9. It involves an authentication bypass in the first-run setup process due to improper handling of the allowed_cidrs argument in the access control middleware. Attackers can exploit this by using a same-host loopback proxy to relay traffic to the unauthenticated POST /api/auth/setup endpoint, allowing them to set the initial dashboard password and gain full administrative control.

Detection Guidance

Check if PicoClaw is running versions up to 0.2.9. Inspect network traffic to the launcher's POST /api/auth/setup endpoint during first-run setup. Look for loopback proxying or same-host relay attempts targeting the access control middleware in web/backend/middleware/access_control.go.

Impact Analysis

An attacker could gain unauthorized administrative access to the PicoClaw launcher, allowing them to change configurations, access sensitive data, or perform other privileged operations. This is possible even if the system is intended to be restricted to specific network ranges.

Compliance Impact

This vulnerability allows unauthorized administrative access to the PicoClaw launcher during first-run setup by bypassing network restrictions via loopback proxying. For GDPR, this could lead to unauthorized access to personal data processed by the system, violating principles of data protection and user consent. For HIPAA, it risks exposing protected health information if the system handles such data, as unauthorized access could result in data breaches and non-compliance with security requirements.

Mitigation Strategies

Apply the patch commit 017601354be38cb027ff3ffb01aed79bd5d12610. Disable localhost bypass if using same-host proxies. Configure trusted proxy CIDRs and sanitize X-Forwarded-For headers. Restrict MCP server access to trusted networks and monitor for unusual activity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16198. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart