Back to overview

CVE-2026-15622

MEDIUM
5.3
CVSS 3.1
Description
A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function get_workspace_file of the file executor_manager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument user_id can lead to authorization bypass. The attack may be launched remotely. The exploit has been published and may be used. This patch is called 67fcc88505c57f77d3fcf04eb5b89425b10cbf48. Upgrading the affected component is recommended.

Metadata

CVE ID
CVE-2026-15622
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-13 17:01 UTC
Published
2026-07-14 01:15 UTC
Last updated
2026-07-14 01:15 UTC
Primary CWE
CWE-639
Authorization Bypass
Vendor / Product
poco-ai / poco-claw
Sources
cve.org  ·  NVD

Severity & Metrics

5.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Affected products (1)
VendorProductPlatformVersions
poco-ai poco-claw 0.5.0, 0.5.1, 0.5.2, 0.5.3 …
Weakness (CWE)
CWESourceDescription
CWE-285 cna Improper Authorization
CWE-639 cna Authorization Bypass
CVSS scores (4)
ScoreSeverityVersionSourceVector
6.9 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
5.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
5.3 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
5.0 N/D 2.0 cna AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C
References (8)
Back to overview