Sipeed PicoClaw Server-Side Request Forgery Vulnerability in Web Fetch Component

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Sipeed PicoClaw versions through 0.2.9. The issue resides in the 'isPrivateOrRestrictedIP' function within 'pkg/tools/integration/web.go', specifically in the 'web_fetch' component. The vulnerability arises because the IP restriction logic fails to block special-use IPv4 addresses, such as '198.18.0.0/15', which should be considered restricted. This oversight allows an attacker to bypass the application's network egress policy and access internal resources via the 'web_fetch' tool.

Impact

Exploitation of this vulnerability bypasses the application's outbound network restrictions, allowing unauthorized access to external services or internal resources that could be exploited for further attacks.

Reproduction

The vulnerability can be reproduced by using the 'web_fetch' tool to request a URL that includes a special-use IPv4 address within the '198.18.0.0/15' range. This request will successfully bypass the application's SSRF protections and reach the intended destination, demonstrating the vulnerability.

Remediation

Users are advised to update to Sipeed PicoClaw version 0.3.1 or later, where this vulnerability has been patched.

Added: Jul 18, 2026, 11:23 PM
Updated: Jul 18, 2026, 11:23 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
0.6
exploitability
7.4
remediation
0.0
relevance
9.9
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.