No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 14 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 14 Jul 2026 01:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function get_workspace_file of the file executor_manager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument user_id can lead to authorization bypass. The attack may be launched remotely. The exploit has been published and may be used. This patch is called 67fcc88505c57f77d3fcf04eb5b89425b10cbf48. Upgrading the affected component is recommended. | |
| Title | poco-ai poco-claw Workspace API workspace.py get_workspace_file authorization | |
| First Time appeared |
Poco-ai
Poco-ai poco-claw |
|
| Weaknesses | CWE-285 CWE-639 |
|
| CPEs | cpe:2.3:a:poco-ai:poco-claw:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Poco-ai
Poco-ai poco-claw |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-14T12:36:09.742Z
Reserved: 2026-07-13T17:01:54.313Z
Link: CVE-2026-15622
Updated: 2026-07-14T12:36:03.866Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-14T12:45:10Z