Back to overview

CVE-2026-16015

MEDIUM
6.3
CVSS 3.1
Description
A vulnerability was determined in poco-ai poco-claw up to 0.5.4. This vulnerability affects the function create_task of the file executor_manager/app/api/v1/tasks.py of the component executor_manager API. Executing a manipulation can lead to missing authentication. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.5.7 is able to resolve this issue. This patch is called 67fcc88505c57f77d3fcf04eb5b89425b10cbf48. It is recommended to upgrade the affected component.

Metadata

CVE ID
CVE-2026-16015
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-17 05:44 UTC
Published
2026-07-17 13:15 UTC
Last updated
2026-07-17 13:15 UTC
Primary CWE
CWE-306
Missing Authentication
Vendor / Product
poco-ai / poco-claw
Sources
cve.org  ·  NVD

Severity & Metrics

6.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Affected products (1)
VendorProductPlatformVersions
poco-ai poco-claw 0.5.0, 0.5.1, 0.5.2, 0.5.3 …
Weakness (CWE)
CWESourceDescription
CWE-287 cna Improper Authentication
CWE-306 cna Missing Authentication
CVSS scores (4)
ScoreSeverityVersionSourceVector
6.3 MEDIUM 3.1 cna CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
6.3 MEDIUM 3.0 cna CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
5.8 N/D 2.0 cna AV:A/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
References (13)
Back to overview