| 제목 | PicoClaw V0.2.4 Command execution |
|---|
| 설명 | The unauthenticated Web Launcher management plane can directly change the config.json, write any hooks.processes[*].command into it, and then restart the gateway through the unauthenticated POST /api/gateway/restart. When the gateway starts, this command is immediately started as a process hook, forming a stable RCE
This vulnerability can directly result in unauthenticated remote code execution under the following conditions. The target launches picoclaw-launcher -public or the launcher is deployed as an accessible management plane in the same CIDR segment and allowed_cidrs is empty, or the attacker IP is within the allowed range |
|---|
| 원천 | ⚠️ https://github.com/sipeed/picoclaw/issues/2307 |
|---|
| 사용자 | AiSec (UID 97073) |
|---|
| 제출 | 2026. 04. 03. AM 10:49 (24 날 ago) |
|---|
| 모더레이션 | 2026. 04. 24. PM 09:16 (21 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 359530 [PicoClaw 까지 0.2.4 Web Launcher Management Plane /api/gateway/restart 권한 상승] |
|---|
| 포인트들 | 20 |
|---|