Missing Authentication Flaw in poco-ai poco-claw Executor Manager API
CVE-2026-16015
Key Information:
Badges
What is CVE-2026-16015?
A vulnerability has been identified in the poco-ai poco-claw's executor_manager API, specifically in the create_task function located in executor_manager/app/api/v1/tasks.py. This flaw allows for missing authentication, potentially enabling unauthorized access to critical operations. The issue has been made publicly known, and it is advised to upgrade to version 0.5.7, which addresses this security risk through the application of patch 67fcc88505c57f77d3fcf04eb5b89425b10cbf48.
Affected Version(s)
poco-claw 0.5.0
poco-claw 0.5.1
poco-claw 0.5.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
