Metrics
Affected Vendors & Products
Fri, 17 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 17 Jul 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function run_task of the file executor/app/api/v1/task.py. The manipulation of the argument callback_url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The reported GitHub issue was closed automatically due to inactivity. | |
| Title | poco-ai poco-claw task.py run_task server-side request forgery | |
| First Time appeared |
Poco-ai
Poco-ai poco-claw |
|
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:poco-ai:poco-claw:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Poco-ai
Poco-ai poco-claw |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-17T14:51:53.546Z
Reserved: 2026-07-17T05:44:08.705Z
Link: CVE-2026-16016
Updated: 2026-07-17T14:51:22.988Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T15:30:04Z