Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-15622— poco-ai poco-claw Workspace API workspace.py get_workspace_file authorization

CVSS 5.3 · Medium

Possible ATT&CK Techniques 1AI

T1078 · Valid Accounts
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-15622

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
poco-ai poco-claw Workspace API workspace.py get_workspace_file authorization
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function get_workspace_file of the file executor_manager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument user_id can lead to authorization bypass. The attack may be launched remotely. The exploit has been published and may be used. This patch is called 67fcc88505c57f77d3fcf04eb5b89425b10cbf48. Upgrading the affected component is recommended.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过用户控制密钥绕过授权机制
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
poco-aipoco-claw 0.5.0 cpe:2.3:a:poco-ai:poco-claw:*:*:*:*:*:*:*:*

II. Public POCs for CVE-2026-15622

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-15622

登录查看更多情报信息。

Patches & Fixes for CVE-2026-15622 (2)

Other References for CVE-2026-15622 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-15622

No comments yet


Leave a comment