Ghostwire

CVE-2026-16016: A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function run_task of the file...

MEDIUM CVSS 0.0

Published: July 17, 2026 | Last Modified: July 17, 2026

Description

A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function run_task of the file executor/app/api/v1/task.py. The manipulation of the argument callback_url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The reported GitHub issue was closed automatically due to inactivity.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References