CVE-2026-15629 | louisho5 picobot up to 0.2.0 Workspace filesystem.go CreateSkill/GetSkill link following (Issue 40 / EUVD-2026-43618)
A vulnerability was found in louisho5 picobot up to 0.2.0 and classified as critical. Impacted is the function CreateSkill/GetSkill of the file internal/agent/tools/filesystem.go of the component Workspace Handler. Executing a manipulation can lead to link following.
This vulnerability is registered as CVE-2026-15629. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.