10 matches found
CVE-2026-16016
A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function runtask of the file executor/app/api/v1/task.py. The manipulation of the argument callbackurl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is...
CVE-2026-16015
A vulnerability was determined in poco-ai poco-claw up to 0.5.4. This vulnerability affects the function createtask of the file executormanager/app/api/v1/tasks.py of the component executormanager API. Executing a manipulation can lead to missing authentication. The exploit has been publicly...
CVE-2026-16016
A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function runtask of the file executor/app/api/v1/task.py. The manipulation of the argument callbackurl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is...
CVE-2026-16016 poco-ai poco-claw task.py run_task server-side request forgery
A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function runtask of the file executor/app/api/v1/task.py. The manipulation of the argument callbackurl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is...
CVE-2026-16016
The CVE-2026-16016 entry affects Poco AI’s poco-claw up to version 0.5.4. Affected component: run_task in executor/app/api/v1/task.py. Root cause: manipulation of the callback_url argument enables server-side request forgery (SSRF). Impact: remote exploitation with potential access to internal re...
EUVD-2026-45172
A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function runtask of the file executor/app/api/v1/task.py. The manipulation of the argument callbackurl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is...
CVE-2026-16015 poco-ai poco-claw executor_manager API tasks.py create_task missing authentication
A vulnerability was determined in poco-ai poco-claw up to 0.5.4. This vulnerability affects the function createtask of the file executormanager/app/api/v1/tasks.py of the component executormanager API. Executing a manipulation can lead to missing authentication. The exploit has been publicly...
EUVD-2026-45171
A vulnerability was determined in poco-ai poco-claw up to 0.5.4. This vulnerability affects the function createtask of the file executormanager/app/api/v1/tasks.py of the component executormanager API. Executing a manipulation can lead to missing authentication. The exploit has been publicly...
CVE-2026-15622
A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...
CVE-2026-15622 poco-ai poco-claw Workspace API workspace.py get_workspace_file authorization
A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...