CVE-2026-15668 | louisho5 picobot up to 0.2.0 web Tool web.go WebTool.Execute url server-side request forgery (Issue 41 / EUVD-2026-43619)
A vulnerability was found in louisho5 picobot up to 0.2.0. It has been rated as critical. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery.
This vulnerability is documented as CVE-2026-15668. The attack can be initiated remotely. Additionally, an exploit exists.
The project was informed of the problem early through an issue report but has not responded yet.