Remote Server-Side Request Forgery in Sipeed PicoClaw (CVE-2026-16084)
A server-side request forgery (SSRF) vulnerability, CVE-2026-16084, has been identified in Sipeed PicoClaw versions up to 0.2.9, allowing remote exploitation due to a weakness in the `web_fetch` function of `pkg/tools/integration/web.go`, with a public exploit available.
A high-severity server-side request forgery (SSRF) vulnerability, tracked as CVE-2026-16084, has been discovered in Sipeed PicoClaw, affecting all versions up to and including 0.2.9. The weakness resides within the web_fetch function located in the pkg/tools/integration/web.go file, allowing for remote exploitation without authentication. Attackers can manipulate server-side requests to access internal network resources or bypass external restrictions. A public exploit for this vulnerability is available, increasing the immediate risk of exploitation. Defenders should prioritize patching this vulnerability to prevent potential network compromise and data exposure.
Attack Chain
- An unauthenticated attacker sends a crafted HTTP request to a vulnerable Sipeed PicoClaw server, specifically targeting the
web_fetchfunction. - The attacker embeds a malicious URL, which could point to an internal network resource (e.g.,
192.168.1.100,localhost) or a controlled external service, within the request parameters. - The
web_fetchfunction inpkg/tools/integration/web.goprocesses this attacker-controlled input without sufficient validation or sanitization. - As a result, the Sipeed PicoClaw server's process (e.g.,
picoclaw) initiates an unexpected outbound network connection to the URL specified by the attacker. - The server acts as an unwitting proxy, making a request on behalf of the attacker to the target resource.
- The response from the target resource is then transmitted back to the Sipeed PicoClaw server, which may relay it to the attacker, potentially exposing sensitive information.
- The attacker leverages the server's elevated access to perform actions such as internal network enumeration, port scanning, accessing sensitive services, or bypassing firewall rules.
Impact
Successful exploitation of CVE-2026-16084 can lead to significant network exposure and potential data exfiltration. Attackers can use the vulnerable PicoClaw server to access services and systems on internal networks that are otherwise inaccessible from the internet. This includes scanning internal ports, accessing internal APIs, or retrieving sensitive data from other internal applications. The public availability of an exploit significantly increases the likelihood of widespread attacks, making unpatched systems prime targets for network reconnaissance and further compromise.
Recommendation
- Immediately apply the patch associated with commit
c15aac21fe05ee103a470e1104bc891754e83392to all Sipeed PicoClaw installations to mitigate CVE-2026-16084. - Deploy the Sigma rule "Detect Possible SSRF Outbound Connection from Sipeed PicoClaw (CVE-2026-16084)" to your SIEM to identify suspicious outbound network connections originating from the
picoclawprocess. - Enable comprehensive network connection logging for all servers running Sipeed PicoClaw to monitor for unexpected outbound traffic to internal or unusual external IP addresses.
Detection coverage 1
Detect Possible SSRF Outbound Connection from Sipeed PicoClaw (CVE-2026-16084)
highDetects CVE-2026-16084 exploitation by identifying suspicious outbound network connections initiated by the Sipeed PicoClaw application, potentially indicating server-side request forgery (SSRF). This rule assumes the executable name for PicoClaw is 'picoclaw' and it may run on Linux or Windows.
Detection queries are available on the platform. Get full rules →
Indicators of compromise
1
hash_sha1
8
url
| Type | Value |
|---|---|
| url | https://github.com/sipeed/picoclaw/ |
| url | https://github.com/sipeed/picoclaw/commit/c15aac21fe05ee103a470e1104bc891754e83392 |
| hash_sha1 | c15aac21fe05ee103a470e1104bc891754e83392 |
| url | https://github.com/sipeed/picoclaw/issues/3074 |
| url | https://github.com/sipeed/picoclaw/pull/3143 |
| url | https://vuldb.com/cve/CVE-2026-16084 |
| url | https://vuldb.com/submit/852946 |
| url | https://vuldb.com/vuln/379796 |
| url | https://vuldb.com/vuln/379796/cti |