CVE-2026-16015 | poco-ai poco-claw up to 0.5.4 executor_manager API tasks.py create_task missing authentication (136/137/139/140)

SecurityVulns

A vulnerability was found in poco-ai poco-claw up to 0.5.4. It has been declared as critical. This vulnerability affects the function create_task of the file executor_manager/app/api/v1/tasks.py of the component executor_manager API. Executing a manipulation can lead to missing authentication.

This vulnerability is handled as CVE-2026-16015. The attack can only be done within the local network. Additionally, an exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More