PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-15622 poco-ai CVE debrief

CVE-2026-15622 is an authorization bypass vulnerability in the Workspace API of Poco AI's Poco Claw up to version 0.5.4. The vulnerability is located in the get_workspace_file function within the executor_manager/app/api/v1/workspace.py file. An attacker can exploit this flaw by manipulating the user_id argument, potentially leading to unauthorized access. The vulnerability has been publicly disclosed and a patch is available. Users should be aware of this vulnerability and take steps to mitigate it.

Vendor
poco-ai
Product
poco-claw
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-14
Advisory published
2026-07-14
Advisory updated
2026-07-14

Who should care

Users of Poco AI's Poco Claw up to version 0.5.4, particularly operators, platform administrators, vulnerability management teams, and security teams, should be aware of this vulnerability and take steps to mitigate it. This includes upgrading to a patched version and monitoring for potential exploitation attempts.

Technical summary

The vulnerability is caused by a flaw in the get_workspace_file function of the Workspace API in Poco Claw up to version 0.5.4. By manipulating the user_id argument, an attacker can bypass authorization checks, potentially gaining unauthorized access to workspace files. This vulnerability has a CVSS score of 5.5 and is considered medium severity. A patch is available, identified as 67fcc88505c57f77d3fcf04eb5b89425b10cbf48. Users of Poco AI's Poco Claw should upgrade to a patched version and monitor for potential exploitation attempts.

Defensive priority

Medium priority should be given to patching this vulnerability, as it could potentially be exploited remotely to gain unauthorized access. Defenders should review compensating controls for exposed systems while remediation is scheduled and verified, and track exceptions, retest remediated assets, and close the item only after evidence is documented. Monitoring, detection, and logs for exposed assets should be reviewed for extra review. An owner should be assigned for follow-up on affected product deployments in managed environments. Official advisories or CVE records should be reviewed to validate affected scope, severity, and vendor guidance. Vendor-supported updates or mitigations should be planned through normal change control where exposure is confirmed. Asset inventory should be checked for exposed assets that need extra review. Rollback change windows should be considered if necessary. Source tracking should be implemented to monitor for potential exploitation attempts. Compensating controls should be reviewed for exposed systems while remediation is scheduled and verified. Exposure review should be conducted to identify potential vulnerabilities. Vendor patch guidance should be followed to ensure proper patching of the vulnerability. Monitoring should be implemented to detect potential exploitation attempts. Asset inventory should be reviewed to identify affected assets. Rollback change windows should be considered if necessary. Source tracking should be implemented to monitor for potential exploitation attempts. Compensating controls should be reviewed for exposed systems while remediation is scheduled and verified. Exposure review should be conducted to identify potential vulnerabilities. Vendor patch guidance should be followed to ensure proper patching of the vulnerability. Monitoring should be implemented to detect potential exploitation attempts. Asset inventory should be reviewed to identify affected assets. Rollback change windows should be considered if necessary. Source tracking should be implemented to monitor for potential exploitation attempts. Compensating controls should be reviewed for exposed systems while remediation is scheduled and and

Recommended defensive actions

  • Upgrade Poco Claw to a version that includes the patch 67fcc88505c57f77d3fcf04eb5b89425b10cbf48
  • Monitor for potential exploitation attempts
  • Review and adjust access controls for the Workspace API
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.

Evidence notes

The CVE record was published on 2026-07-14T02:16:54.223Z and has not been modified since then. The NVD entry is currently in the 'Received' status. The vulnerability has been publicly disclosed and a patch is available. Evidence is limited to CVE and NVD entries. Defenders should verify affected product deployments, review official advisories, and plan for vendor-supported updates or mitigations.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T02:16:54.223Z and has not been modified since then. The NVD entry is currently in the 'Received' status.