Skip to main content

poco-claw CVE-2026-16016

MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-17 VulDB
5.5
CVSS 4.0 · Vendor: VulDB
Share

Severity by source

Vendor (VulDB) PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.2 HIGH

Network-reachable unauthenticated endpoint; SSRF enables scope change affecting subsequent internal systems; no direct availability impact on the vulnerable component.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jul 17, 2026 - 14:31 vuln.today
CVSS changed
Jul 17, 2026 - 14:22 NVD
6.9 (MEDIUM) 5.5 (MEDIUM)
CVE Published
Jul 17, 2026 - 13:30 cve.org
MEDIUM 5.5

DescriptionCVE.org

A vulnerability was identified in poco-ai poco-claw up to 0.5.4. This issue affects the function run_task of the file executor/app/api/v1/task.py. The manipulation of the argument callback_url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The reported GitHub issue was closed automatically due to inactivity.

AnalysisAI

Server-side request forgery in poco-ai/poco-claw up to version 0.5.4 allows remote unauthenticated attackers to coerce the application server into issuing arbitrary HTTP requests to attacker-controlled destinations via the unvalidated callback_url parameter in the run_task API function. The flaw is exposed through the task execution endpoint at executor/app/api/v1/task.py and carries a publicly available proof-of-concept exploit referenced on GitHub. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Send unauthenticated POST request to /api/v1/task endpoint
Delivery
Supply malicious callback_url targeting internal host or cloud metadata
Exploit
run_task executes without URL validation or filtering
Execution
Server issues HTTP request to internal or restricted resource
Impact
Attacker observes or receives response containing internal data

Vulnerability AssessmentAI

Exploitation The target must be running poco-ai/poco-claw version 0.5.4 or earlier with the task execution API endpoint reachable over a network accessible to the attacker. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 5.5 (Medium) reflects AV:N/AC:L/AT:N/PR:N/UI:N, confirming unauthenticated, low-complexity, network-based exploitation with no special preconditions. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote unauthenticated attacker submits a crafted POST request to the poco-claw task API endpoint, setting the callback_url field to http://169.254.169.254/latest/meta-data/iam/security-credentials/ to target an AWS IMDSv1 metadata service. The server's run_task function issues the HTTP request without validating the destination, and the response containing temporary IAM credentials is relayed back to or observable by the attacker. …
Remediation No vendor-released patch has been identified at time of analysis - the originating GitHub issue (https://github.com/poco-ai/poco-claw/issues/138) was closed automatically due to inactivity, signaling no remediation commitment from the maintainer. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-16016 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy