No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Fri, 17 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 17 Jul 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function run_task of the file executor/app/api/v1/task.py. The manipulation of the argument callback_url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The reported GitHub issue was closed automatically due to inactivity. | |
| Title | poco-ai poco-claw task.py run_task server-side request forgery | |
| First Time appeared |
Poco-ai
Poco-ai poco-claw |
|
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:poco-ai:poco-claw:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Poco-ai
Poco-ai poco-claw |
|
| References |
| |
| Metrics |
cvssV2_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-17T14:51:53.546Z
Reserved: 2026-07-17T05:44:08.705Z
Link: CVE-2026-16016
Updated: 2026-07-17T14:51:22.988Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T15:30:04Z