No vendor fix or workaround currently provided.
Thu, 18 Jun 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OS Command Injection via Incomplete Denylist in picoclaw ExecTool |
Wed, 17 Jun 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OS Command Injection in picoclaw ExecTool |
Tue, 16 Jun 2026 09:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OS Command Injection in picoclaw ExecTool |
Tue, 02 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OS Command Injection via picoclaw ExecTool |
Fri, 29 May 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OS Command Injection via picoclaw ExecTool |
Thu, 28 May 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OS Command Injection in picoclaw’s ExecTool Component due to Incomplete Denylist |
Thu, 28 May 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | cvssV3_1 |
Wed, 27 May 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OS Command Injection in picoclaw’s ExecTool Component due to Incomplete Denylist | |
| First Time appeared | Sipeed, Sipeed picoclaw | |
| Weaknesses | CWE-78 | |
| Vendors & Products | Sipeed, Sipeed picoclaw |
Wed, 27 May 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guardCommand() function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete. | |
| References | |
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-05-28T13:32:36.668Z
Reserved: 2026-04-06T00:00:00.000Z
Link: CVE-2026-36045
Updated: 2026-05-28T13:32:28.079Z
Status : Deferred
Published: 2026-05-27T14:16:45.287
Modified: 2026-06-17T10:41:02.900
Link: CVE-2026-36045
No data.
OpenCVE Enrichment
Updated: 2026-06-18T07:45:03Z