PT-2026-60767 · Poco Ai · Poco-Claw

·

CVE-2026-16016

·

Publicado

2026-07-17

·

Atualizado

2026-07-17

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function run task of the file executor/app/api/v1/task.py. The manipulation of the argument callback url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The reported GitHub issue was closed automatically due to inactivity.

Exploit

Correção

SSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-16016

Produtos afetados

Poco-Claw