CVE-2026-6987

HighPublic PoC

Published: 25 April 2026

Published

25 April 2026

Modified

01 May 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0020 41.6th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely.…

The project was informed of the problem early through an issue report but has not responded yet.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

SI-10 directly prevents command injection vulnerabilities like CVE-2026-6987 by requiring validation and neutralization of special elements in inputs to the /api/gateway/restart endpoint.

SI-2 Flaw Remediation good match

prevent

SI-2 mandates timely identification, reporting, and correction of flaws, addressing the unpatched command injection in PicoClaw up to 0.2.4.

SC-7 Boundary Protection partial match

preventdetect

SC-7 provides boundary protection via mechanisms like web application firewalls to block or detect remote command injection attempts on the unauthenticated network-accessible endpoint.

Security SummaryAI

CVE-2026-6987 is a command injection vulnerability in PicoClaw versions up to 0.2.4. The issue affects an unknown function in the /api/gateway/restart file within the Web Launcher Management Plane component. Classified under CWE-74 (Improper Neutralization of Special Elements) and CWE-77 (Command Injection), it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and ease of exploitation.

Attackers can exploit this vulnerability remotely without authentication, privileges, or user interaction, requiring only low attack complexity. By manipulating the affected endpoint, they can inject arbitrary commands, achieving limited impacts on confidentiality (C:L), integrity (I:L), and availability (A:L), such as unauthorized command execution on the host system.

Advisories note that the PicoClaw project was informed early through GitHub issue #2307 (https://github.com/sipeed/picoclaw/issues/2307) but has not responded. No patches or official mitigations are available. Further details appear in VulDB entries (https://vuldb.com/vuln/359530, https://vuldb.com/submit/796336, https://vuldb.com/vuln/359530/cti).

Details

CWE(s): CWE-74 CWE-77

Affected Products

sipeed

picoclaw

≤ 0.2.4

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

The vulnerability is a remote unauthenticated command injection in a public-facing web API endpoint, directly enabling T1190 (Exploit Public-Facing Application) for initial access and facilitating T1059.004 (Unix Shell) for arbitrary command execution on the host.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://github.com/sipeed/picoclaw/issues/2307
Exploit, Mitigation, Vendor Advisory, Issue Tracking · cna@vuldb.com
https://vuldb.com/submit/796336
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/359530
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/359530/cti
Permissions Required, VDB Entry · cna@vuldb.com