PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-36045 Sipeed CVE debrief

CVE-2026-36045 describes an OS command injection vulnerability in picoclaw versions v0.1.2 and earlier. The vulnerability exists in the ExecTool component (pkg/tools/shell.go), specifically within the guardCommand() function. This function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete and can be bypassed. The CVE was published on 2026-05-27. The affected product is picoclaw, a project associated with Sipeed based on the release reference. The vulnerability allows attackers to inject arbitrary OS commands due to the insufficient denylist-based input validation.

Vendor
Sipeed
Product
picoclaw
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Organizations using picoclaw for shell command execution, particularly in automated or exposed environments, should prioritize patching. Security teams should assess any deployments of picoclaw v0.1.2 or earlier for potential command injection exposure.

Technical summary

The guardCommand() function in picoclaw's ExecTool component (pkg/tools/shell.go) uses an incomplete denylist of 8 regular expressions to filter shell commands. Attackers can bypass these restrictions to execute arbitrary OS commands. The vulnerability affects picoclaw v0.1.2 and earlier versions.

Defensive priority

high

Recommended defensive actions

  • Upgrade picoclaw to a version newer than v0.1.2 when available
  • Review and replace denylist-based input validation with allowlist-based validation in shell command execution functions
  • Audit all uses of ExecTool component for command injection risks
  • Implement defense-in-depth with additional input sanitization and parameterized command execution where possible
  • Monitor for security advisories from the picoclaw project for patch availability
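The allowlist-based validation and parameterized execution recommended above, shown as an added Go example constructed for this debrief (it is not picoclaw's own code): the allowed programs, their argument patterns, and the names GuardAllowlist and Run are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

// allowedPrograms maps each permitted program to a pattern every argument must match.
// Constructed for this example; entries are deliberately narrow and would be tuned per deployment.
var allowedPrograms = map[string]*regexp.Regexp{
	"ls":   regexp.MustCompile(`^(-[la]{1,2}|[A-Za-z0-9._-]+)$`),
	"cat":  regexp.MustCompile(`^[A-Za-z0-9._-]+$`),
	"echo": regexp.MustCompile(`^[A-Za-z0-9._-]+$`),
}

var ErrNotAllowed = errors.New("command not allowed")

// GuardAllowlist splits the input on whitespace (no shell is consulted), requires the
// program to be on the allowlist and every argument to match that program's pattern.
// Anything not explicitly permitted is rejected, unlike a denylist that must enumerate bad input.
func GuardAllowlist(input string) ([]string, error) {
	fields := strings.Fields(input)
	if len(fields) == 0 {
		return nil, ErrNotAllowed
	}
	argPattern, ok := allowedPrograms[fields[0]]
	if !ok {
		return nil, fmt.Errorf("%w: program %q", ErrNotAllowed, fields[0])
	}
	for _, arg := range fields[1:] {
		if !argPattern.MatchString(arg) {
			return nil, fmt.Errorf("%w: argument %q", ErrNotAllowed, arg)
		}
	}
	return fields, nil
}

// Run executes a validated argv directly (never via "sh -c"), so shell
// metacharacters in arguments carry no special meaning even if one slipped through.
func Run(input string) ([]byte, error) {
	argv, err := GuardAllowlist(input)
	if err != nil {
		return nil, err
	}
	return exec.Command(argv[0], argv[1:]...).CombinedOutput()
}
```

Run("ls -la") executes /bin/ls with two literal arguments; Run("echo hi; id") returns an error before anything is executed.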

Evidence notes

The CVE description confirms the vulnerability location in pkg/tools/shell.go within the guardCommand() function. The incomplete denylist of 8 regular expressions is explicitly cited as the root cause. Release tag v0.1.2 is referenced as the affected version boundary.

Official resources

2026-05-27