CVE-2026-15319

Source
https://cve.org/CVERecord?id=CVE-2026-15319
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-15319.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-15319
Published
2026-07-10T01:45:08.961Z
Modified
2026-07-15T01:49:13.259392395Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Sipeed PicoClaw Launcher access_control.go IPAllowlist access control
Details

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/access_control.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 3126. A patch should be applied to remediate this issue.

Database specific
{
    "cwe_ids": [
        "CWE-266",
        "CWE-284"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/15xxx/CVE-2026-15319.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/sipeed/picoclaw

Affected ranges

Type
GIT
Repo
https://github.com/sipeed/picoclaw
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0.2.0"
        },
        {
            "last_affected": "0.2.0"
        },
        {
            "introduced": "0.2.1"
        },
        {
            "last_affected": "0.2.1"
        },
        {
            "introduced": "0.2.2"
        },
        {
            "last_affected": "0.2.2"
        },
        {
            "introduced": "0.2.3"
        },
        {
            "last_affected": "0.2.3"
        },
        {
            "introduced": "0.2.4"
        },
        {
            "last_affected": "0.2.4"
        },
        {
            "introduced": "0.2.5"
        },
        {
            "last_affected": "0.2.5"
        },
        {
            "introduced": "0.2.6"
        },
        {
            "last_affected": "0.2.6"
        },
        {
            "introduced": "0.2.7"
        },
        {
            "last_affected": "0.2.7"
        },
        {
            "introduced": "0.2.8"
        },
        {
            "last_affected": "0.2.8"
        },
        {
            "introduced": "0.2.9"
        },
        {
            "last_affected": "0.2.9"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

0.*
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
v0.*
v0.2.0
v0.2.1
v0.2.2
v0.2.2-nightly.20260312.6612ca09
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-15319.json"