GHSA-r2gh-4x75-72jfLowCVSS 5.3
A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function...
🔗 CVE IDs covered (1)
📋 Description
A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
🔗 References (10)
- https://nvd.nist.gov/vuln/detail/CVE-2026-15669
- https://github.com/louisho5/picobot/issues/42
- https://github.com/louisho5/picobot/issues/43
- https://github.com/louisho5/picobot
- https://vuldb.com/cve/CVE-2026-15669
- https://vuldb.com/submit/855869
- https://vuldb.com/submit/855870
- https://vuldb.com/vuln/378163
- https://vuldb.com/vuln/378163/cti
- https://github.com/advisories/GHSA-r2gh-4x75-72jf