PT-2026-60767 · Poco Ai · Poco-Claw
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function run task of the file executor/app/api/v1/task.py. The manipulation of the argument callback url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The reported GitHub issue was closed automatically due to inactivity.
Exploit
Correção
SSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Poco-Claw