
CVE-2026-6987

Severity: Medium · Public PoC

Published: 25 April 2026
Modified: 01 May 2026
KEV Added: not listed
Patch: none referenced
CVSS v4.0 base score: 5.5 (Medium)
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0313 (86.3rd percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-6987 is a medium-severity injection vulnerability (CWE-74) in Sipeed PicoClaw. Its CVSS v4.0 base score is 5.5 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 13.7% of CVEs by EPSS exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST SP 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A vulnerability has been identified in PicoClaw versions up to and including 0.2.4, in the Web Launcher Management Plane component. An unauthenticated remote request to the /api/gateway/restart endpoint can trigger command injection (CWE-74 and CWE-77). The issue was reported through the project's issue tracker before public disclosure on 2026-04-25; the maintainers have not responded.

Remote attackers can exploit the flaw without credentials or user interaction to execute arbitrary commands on the affected system. The CVSS 4.0 vector rates the attack as network-reachable and low complexity but scores the confidentiality, integrity, and availability impact as Low (VC:L/VI:L/VA:L). Those impact ratings sit uneasily with arbitrary command execution, so treat the 5.5 score as a floor and scope the real blast radius by the privileges of the process serving the launcher and by what that host can reach.
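As an added illustration of the weakness and of the SI-10 style fix (this is not PicoClaw's code; the page does not describe the real handler, its language, or the parameter it reads, so Go, the `target` form parameter, the `systemctl` command, and the bearer token are all assumptions), the following shows the shell-splicing pattern that produces CWE-77 in a restart endpoint beside a handler that applies an allowlist, executes an argument vector with no shell, and requires a token so the endpoint is no longer reachable anonymously.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"log"
	"net/http"
	"os/exec"
	"regexp"
)

// Assumed for illustration: the page does not say what the endpoint reads.
// "target" is a hypothetical form parameter naming what to restart.

// vulnerableRestartArgv is the CWE-77 anti-pattern: caller data is spliced
// into a single string that "sh -c" re-parses, so ";", "&&", "$(...)" and
// similar sequences become additional commands.
func vulnerableRestartArgv(target string) []string {
	return []string{"sh", "-c", "systemctl restart " + target}
}

// safeName is a strict character allowlist; anything a shell could
// interpret (whitespace, ;, &, |, $, backticks, quotes) is rejected.
var safeName = regexp.MustCompile(`^[A-Za-z0-9_.-]{1,64}$`)

// allowedTargets is the fixed set of units the launcher may restart
// (assumed; a real deployment would load this from configuration).
var allowedTargets = map[string]bool{"gateway": true}

// validateTarget applies SI-10 style validation: syntactic allowlist first,
// then a semantic allowlist of known targets.
func validateTarget(target string) error {
	if !safeName.MatchString(target) {
		return errors.New("target contains disallowed characters")
	}
	if !allowedTargets[target] {
		return errors.New("unknown restart target")
	}
	return nil
}

// safeRestartArgv never involves a shell. Each element becomes exactly one
// argv entry via exec.Command, so even a metacharacter that slipped past
// validation would reach systemctl as a literal argument, not as syntax.
func safeRestartArgv(target string) ([]string, error) {
	if err := validateTarget(target); err != nil {
		return nil, err
	}
	return []string{"systemctl", "restart", target}, nil
}

// apiToken is a placeholder; load it from the environment or a secret store.
var apiToken = []byte("replace-me")

// authorized closes the "no credentials required" gap with a bearer token
// compared in constant time.
func authorized(r *http.Request) bool {
	const prefix = "Bearer "
	h := r.Header.Get("Authorization")
	if len(h) <= len(prefix) || h[:len(prefix)] != prefix {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(h[len(prefix):]), apiToken) == 1
}

func restartHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	if !authorized(r) {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	argv, err := safeRestartArgv(r.FormValue("target"))
	if err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	if out, err := exec.Command(argv[0], argv[1:]...).CombinedOutput(); err != nil {
		log.Printf("restart failed: %v: %s", err, out)
		http.Error(w, "restart failed", http.StatusInternalServerError)
		return
	}
	w.WriteHeader(http.StatusAccepted)
}

func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/gateway/restart", restartHandler)
	// Bind to loopback only; expose through an authenticated proxy if needed.
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", mux))
}
```

The order of defences matters: the argv form is what actually removes the injection, the allowlist limits what an authenticated caller can do, and the token plus loopback binding shrink who can reach the handler at all. Validation alone, bolted onto a `sh -c` string, is the fragile option.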

The references (the GitHub issue report and the VulDB entry) contain no details on patches, workarounds, or official mitigation guidance. The EPSS probability rose from a low baseline to a peak of 0.0214 on 2026-05-01 before receding, a short-lived increase in predicted exploitation activity following disclosure.

Vulnerability details

A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher Management Plane. Performing a manipulation results in command injection. It is possible to initiate the attack remotely.…

The project was informed of the problem early through an issue report but has not responded yet.

CWE(s)

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Command and Scripting Interpreter: Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

The vulnerability is a remote unauthenticated command injection in a public-facing web API endpoint, directly enabling T1190 (Exploit Public-Facing Application) for initial access and facilitating T1059.004 (Unix Shell) for arbitrary command execution on the host.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-1413 (shared CWE-74, CWE-77)
CVE-2026-1624 (shared CWE-74, CWE-77)
CVE-2026-4204 (shared CWE-74, CWE-77)
CVE-2026-8345 (shared CWE-74, CWE-77)
CVE-2026-4197 (shared CWE-74, CWE-77)
CVE-2026-2085 (shared CWE-74, CWE-77)
CVE-2026-2000 (shared CWE-74, CWE-77)
CVE-2026-3662 (shared CWE-74, CWE-77)
CVE-2026-4195 (shared CWE-74, CWE-77)
CVE-2025-13798 (shared CWE-74, CWE-77)

Affected Assets

Vendor: sipeed
Product: picoclaw
Versions: ≤ 0.2.4

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

[prevent] SI-10 (Information Input Validation): requires validation and neutralization of special elements in input reaching the /api/gateway/restart endpoint. For a restart endpoint the practical form is to pass no caller-controlled data to a shell at all: restrict input to a fixed allowlist of restart targets and execute the command as an argument vector rather than a shell string.

[prevent] SI-2 (Flaw Remediation): mandates timely identification, reporting, and correction of flaws. No fix is referenced for PicoClaw up to 0.2.4, so remediation today means tracking the issue for a patched release and applying compensating controls until one exists.

[prevent, detect] SC-7 (Boundary Protection): keep the Web Launcher Management Plane off untrusted networks (loopback or a management VLAN behind an authenticated proxy) and use a web application firewall or reverse proxy to block or log requests to the endpoint that carry shell metacharacters. Treat WAF rules as a detection aid rather than a fix; encoded or alternative payloads can slip past signatures, and the unauthenticated endpoint remains exploitable from any network that can reach it.
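As an added example of the detect side of SC-7 (constructed here; it is not part of the page or of PicoClaw, and the Common Log Format lines, the 10.0.5.0/24 management network, and the `target` query parameter are assumptions), this Go program scans access-log lines for requests to /api/gateway/restart that come from outside the management network or carry shell metacharacters in a query value, the two conditions a boundary control would alert on for this CVE. It decodes each query pair itself rather than through `url.ParseQuery`, because that function drops pairs containing a literal semicolon, which is exactly the payload worth seeing.

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
	"regexp"
	"strings"
)

// Constructed sample access-log lines (Common Log Format); not real
// PicoClaw output. The second line carries a URL-encoded ';' (%3B).
var sampleLog = []string{
	`10.0.5.12 - - [01/May/2026:10:00:01 +0000] "POST /api/gateway/restart HTTP/1.1" 202 0`,
	`203.0.113.7 - - [01/May/2026:10:00:09 +0000] "POST /api/gateway/restart?target=gateway%3Bid HTTP/1.1" 200 12`,
	`203.0.113.7 - - [01/May/2026:10:00:10 +0000] "POST /api/gateway/restart HTTP/1.1" 200 12`,
	`198.51.100.3 - - [01/May/2026:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 512`,
}

// clfRe captures source IP, timestamp, method, request target and status.
var clfRe = regexp.MustCompile(`^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})`)

// managementNet is the only network that should ever reach the launcher
// (assumed; adjust to the real management VLAN).
var managementNet = netip.MustParsePrefix("10.0.5.0/24")

// shellMeta matches characters a POSIX shell treats as syntax.
var shellMeta = regexp.MustCompile("[;&|`$(){}<>\\n'\"\\\\]")

const restartPath = "/api/gateway/restart"

type Finding struct {
	Src, Time, Reason string
}

// queryHasShellMeta decodes each key=value pair on its own. url.ParseQuery
// (Go 1.17+) skips pairs that contain a literal ';', so using it here would
// let the most obvious injection payload evade the check.
func queryHasShellMeta(rawQuery string) bool {
	if rawQuery == "" {
		return false
	}
	for _, pair := range strings.Split(rawQuery, "&") {
		decoded, err := url.QueryUnescape(pair)
		if err != nil {
			decoded = pair // malformed escapes are checked as-is, not ignored
		}
		if shellMeta.MatchString(decoded) {
			return true
		}
	}
	return false
}

// analyze returns a Finding for a suspicious restart request and false for
// anything else (other paths, well-formed requests from the management net).
func analyze(line string) (Finding, bool) {
	m := clfRe.FindStringSubmatch(line)
	if m == nil {
		return Finding{}, false
	}
	src, ts, target := m[1], m[2], m[4]
	u, err := url.Parse(target)
	if err != nil || u.Path != restartPath {
		return Finding{}, false
	}
	var reasons []string
	if addr, err := netip.ParseAddr(src); err != nil || !managementNet.Contains(addr) {
		reasons = append(reasons, "source outside management network")
	}
	if queryHasShellMeta(u.RawQuery) {
		reasons = append(reasons, "shell metacharacters in query")
	}
	if len(reasons) == 0 {
		return Finding{}, false
	}
	return Finding{Src: src, Time: ts, Reason: strings.Join(reasons, "; ")}, true
}

// scan runs analyze over every line and collects the findings.
func scan(lines []string) []Finding {
	var out []Finding
	for _, l := range lines {
		if f, ok := analyze(l); ok {
			out = append(out, f)
		}
	}
	return out
}

func main() {
	for _, f := range scan(sampleLog) {
		fmt.Printf("%s %s %s\n", f.Time, f.Src, f.Reason)
	}
}
```

Run against the constructed lines it reports the two requests from 203.0.113.7 and stays silent on the in-network request and the unrelated path. Because the page does not say which parameter the endpoint reads, the query check is generic; if the real payload travels in a POST body, the same metacharacter test has to be applied to the body as captured by the proxy.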
