Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-6987
7.3 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Exploit Code Maturity (E): Proof-of-Concept (P)
- Remediation Level (RL): Not Defined (X)
- Report Confidence (RC): Reasonable (R)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
Activity log
- Created suggestion
PicoClaw Web Launcher Management Plane restart command injection
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed of the problem early through an issue report but has not responded yet.
References
-
-
Submit #796336 | PicoClaw V0.2.4 Command execution third-party-advisory
-
https://github.com/sipeed/picoclaw/issues/2307 issue-tracking
Affected products
PicoClaw
- ==0.2.4
- ==0.2.2
- ==0.2.0
- ==0.2.1
- ==0.2.3
Package maintainers
-
@manfredmacx Manfred Macx <mfmacx@proton.me>
-
@drupol Pol Dellaiera <pol.dellaiera@protonmail.com>