CVE-2026-16081

Severity CVSS v4.0:
LOW
Type:
CWE-352 Cross-Site Request Forgery (CSRF)
Publication date:
18/07/2026
Last modified:
18/07/2026

Description

A vulnerability was determined in Sipeed PicoClaw up to 0.2.9. The affected element is an unknown function of the file web/backend/api/auth.go. Executing a manipulation can lead to cross-site request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 4b0229351678f479429b8d8b19207757266f246b. Applying a patch is advised to resolve this issue.