PicoClaw Web Launcher Management Plane restart command injection_CVE-2026-6987

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-6987

Source VulDB

Published Apr 25, 2026 at 16:45

Affected Product

Vendor n/a

Product PicoClaw

Version 0.2.0

Affected Versions n/a PicoClaw 0.2.0
n/a PicoClaw 0.2.1
n/a PicoClaw 0.2.2
n/a PicoClaw 0.2.3
n/a PicoClaw 0.2.4

CWE Classification

CWE-77 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-04-25T16:45:09.726Z",
    "modified": "2026-04-25T16:45:09.726Z",
    "type": "cve",
    "title": "PicoClaw Web Launcher Management Plane restart command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359530\nhttps://vuldb.com/vuln/359530/cti\nhttps://vuldb.com/submit/796336\nhttps://github.com/sipeed/picoclaw/issues/2307",
    "id": "CVE-2026-6987",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "n/a PicoClaw 0.2.0\nn/a PicoClaw 0.2.1\nn/a PicoClaw 0.2.2\nn/a PicoClaw 0.2.3\nn/a PicoClaw 0.2.4",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PicoClaw",
    "version": "0.2.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}