Vulnerability  ·  2026-07-19

Sipeed PicoClaw Time-of-Check Time-of-Use Flaw in Tool Execution

VulnerabilityMedium impactGlobalCVE-2026-16082
NVD published a medium-severity (CVSS 5.3) TOCTOU vulnerability in PicoClaw's agent tool execution pipeline, allowing a local attacker to manipulate the working directory between check and use.
While requiring local access limits blast radius, TOCTOU flaws in agent tool executors can be used to redirect file operations performed by an AI agent to attacker-controlled paths, an important class of bug for sandboxed/edge AI agent runtimes like PicoClaw.
The ExecTool.executeRun function in pkg/agent/pipeline_execute.go is vulnerable to a TOCTOU race condition via manipulation of the cwd argument; the attack must be carried out locally, with a publicly available exploit.
Sipeed PicoClaw up to 0.2.9
No official patch confirmed at disclosure time; avoid untrusted local access to PicoClaw agent execution environments pending a fix.
Sipeed PicoClaw GitHub repository
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →