MEDIUM
poco-ai
CVE published 2026-07-14
CVE-2026-15622
CVE-2026-15622 is an authorization bypass vulnerability in the Workspace API of Poco AI's Poco Claw up to version 0.5.4. The vulnerability is located in the get_workspace_file function within the executor_manager/app/api/v1/workspace.py file. An attacker can exploit this flaw by manipulating the user_id argument, potentially leading to unauthorized access. The vulnerability has been publicly disclosed and [truncated]