CVE-2026-16016 | poco-ai poco-claw up to 0.5.4 task.py run_task callback_url server-side request forgery (Issue 138)

SecurityVulns

A vulnerability was found in poco-ai poco-claw up to 0.5.4. It has been rated as critical. This issue affects the function run_task of the file executor/app/api/v1/task.py. The manipulation of the argument callback_url leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2026-16016. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The reported GitHub issue was closed automatically due to inactivity.VulDB Recent EntriesRead More