Back to overview

CVE-2026-15320

MEDIUM
5.4
CVSS 3.1
Description
A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. The reported GitHub issue was closed automatically due to inactivity.

Metadata

CVE ID
CVE-2026-15320
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-09 18:07 UTC
Published
2026-07-10 02:00 UTC
Last updated
2026-07-10 02:00 UTC
Primary CWE
CWE-862
Missing Authorization
Vendor / Product
Sipeed / PicoClaw
Sources
cve.org  ·  NVD

Severity & Metrics

5.4 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C
Affected products (1)
VendorProductPlatformVersions
Sipeed PicoClaw 0.2.0, 0.2.1, 0.2.2, 0.2.3 …
Weakness (CWE)
CWESourceDescription
CWE-862 cna Missing Authorization
CWE-863 cna Incorrect Authorization
CVSS scores (4)
ScoreSeverityVersionSourceVector
5.5 N/D 2.0 cna AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:C
5.4 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C
5.4 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
References (6)
Back to overview