PT-2026-57949 · Poco Ai · Poco-Claw

Eric-B

·

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-15622

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function get workspace file of the file executor manager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument user id can lead to authorization bypass. The attack may be launched remotely. The exploit has been published and may be used. This patch is called 67fcc88505c57f77d3fcf04eb5b89425b10cbf48. Upgrading the affected component is recommended.

Exploit

Fix

IDOR

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15622

Affected Products

Poco-Claw