No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 17 Jul 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function run_task of the file executor/app/api/v1/task.py. The manipulation of the argument callback_url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The reported GitHub issue was closed automatically due to inactivity. | |
| Title | poco-ai poco-claw task.py run_task server-side request forgery | |
| First Time appeared |
Poco-ai
Poco-ai poco-claw |
|
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:poco-ai:poco-claw:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Poco-ai
Poco-ai poco-claw |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-17T13:30:10.299Z
Reserved: 2026-07-17T05:44:08.705Z
Link: CVE-2026-16016
No data.
No data.
No data.
OpenCVE Enrichment
No data.
-
CWE-918
Server-Side Request Forgery (SSRF)