A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
https://vuldb.com/vuln/378163/cti
https://vuldb.com/submit/855870
https://vuldb.com/submit/855869
https://vuldb.com/cve/CVE-2026-15669
https://github.com/louisho5/picobot/issues/43