Product
PicoClaw version 0.2.4 is vulnerable to command injection via the /api/gateway/restart endpoint of the Web Launcher Management Plane, allowing a remote attacker to execute arbitrary commands by manipulating input.