CVE-2026-16083
MEDIUM
5.3
CVSS 3.1
Description
A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This affects the function webhook.ParseRequest of the file pkg/channels/line/line.go of the component LINE Webhook. The manipulation results in authentication bypass by capture-replay. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The reported GitHub issue was closed automatically with the label "not planned" by a bot.
Metadata
Severity & Metrics
5.3
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Sipeed | PicoClaw | — | 0.2.0, 0.2.1, 0.2.2, 0.2.3 … |
Weakness (CWE)
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.9 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
| 5.3 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R |
| 5.3 | MEDIUM | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R |
| 5.0 | N/D | 2.0 | cna | AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR |
References (6)
- VDB-379795 | Sipeed PicoClaw LINE Webhook line.go webhook.ParseRequest authentication replay https://vuldb.com/vuln/379795
- VDB-379795 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/379795/cti
- CVE-2026-16083 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-16083
- Submit #852945 | Sipeed PicoClaw <= 0.2.9 Authentication Bypass by Capture-replay (CWE-294) https://vuldb.com/submit/852945
- https://github.com/sipeed/picoclaw/issues/3073
- https://github.com/sipeed/picoclaw/