Tag
A server-side request forgery (SSRF) vulnerability, CVE-2026-16084, has been identified in Sipeed PicoClaw versions up to 0.2.9, allowing remote exploitation due to a weakness in the `web_fetch` function of `pkg/tools/integration/web.go`, with a public exploit available.