PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-16016 poco-ai CVE debrief

A server-side request forgery vulnerability was identified in poco-ai poco-claw up to 0.5.4. The issue affects the function run_task of the file executor/app/api/v1/task.py. The manipulation of the argument callback_url leads to server-side request forgery. The attack is possible to be carried out remotely. This vulnerability has a CVSS score of 5.5 and a MEDIUM severity.

Vendor
poco-ai
Product
poco-claw
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Users of poco-ai poco-claw up to 0.5.4 should be aware of this server-side request forgery vulnerability and take necessary precautions. This includes applying patches, restricting access to the affected function, and monitoring for suspicious activity.

Technical summary

The vulnerability is caused by improper handling of the callback_url argument in the run_task function of the executor/app/api/v1/task.py file in poco-ai poco-claw up to 0.5.4. This allows an attacker to manipulate the argument and perform a server-side request forgery attack. The vulnerability affects poco-ai poco-claw up to 0.5.4 and has a CVSS score of 5.5 with a MEDIUM severity. Users should apply patches, restrict access to the affected function, and monitor for suspicious activity related to the callback_url argument. The attack is possible to be carried out remotely and the exploit is publicly available.

Defensive priority

Medium priority should be given to patching this vulnerability, as it is a remotely exploitable issue with a CVSS score of 5.5.

Recommended defensive actions

  • Apply the patch for poco-ai poco-claw up to 0.5.4
  • Restrict access to the affected function run_task
  • Monitor for suspicious activity related to the callback_url argument
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-17T14:17:21.697Z and was last modified on 2026-07-17T14:59:38.667Z. The NVD entry is currently Deferred. The vulnerability affects poco-ai poco-claw up to 0.5.4, and the issue is related to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T14:17:21.697Z and has not been modified since then. The NVD entry is currently Deferred.