A vulnerability classified as critical was found in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/access_control.go of the component Launcher. Such manipulation leads to improper access controls.

This vulnerability is listed as CVE-2026-15319. The attack may be performed from remote. In addition, an exploit is available.

A patch should be applied to remediate this issue.