<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Poco-Claw &lt;= 0.5.4 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/poco-claw--0.5.4/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 17 Jul 2026 14:18:18 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/poco-claw--0.5.4/feed.xml" rel="self" type="application/rss+xml"/><item><title>Vulnerability in poco-ai poco-claw Leads to Server-Side Request Forgery (CVE-2026-16016)</title><link>https://feed.craftedsignal.io/briefs/2026-07-poco-claw-ssrf/</link><pubDate>Fri, 17 Jul 2026 14:18:18 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-poco-claw-ssrf/</guid><description>A high-severity server-side request forgery (SSRF) vulnerability, identified as CVE-2026-16016, exists in poco-ai's poco-claw software up to version 0.5.4, allowing remote attackers to manipulate the `callback_url` argument in the `run_task` function to force the server to make arbitrary requests, with a public exploit available posing an immediate risk.</description><content:encoded><![CDATA[<p>A high-severity server-side request forgery (SSRF) vulnerability, tracked as CVE-2026-16016, has been identified in <code>poco-ai poco-claw</code> versions up to and including 0.5.4. This flaw specifically affects the <code>run_task</code> function located within the <code>executor/app/api/v1/task.py</code> file. Attackers can exploit this vulnerability by manipulating the <code>callback_url</code> argument, compelling the affected <code>poco-claw</code> instance to initiate arbitrary requests to internal or external systems. The vulnerability can be exploited remotely, and a public exploit is known to be available, indicating an increased risk of active exploitation. Defenders should prioritize patching and monitoring for unusual outbound connections from affected systems to mitigate potential information disclosure or internal network access.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker discovers an internet-facing instance of <code>poco-ai poco-claw</code> version 0.5.4 or earlier.</li>
<li>The attacker crafts an HTTP POST request targeting the <code>run_task</code> function exposed via the <code>/api/v1/task.py</code> endpoint on the vulnerable server.</li>
<li>Within the request, the attacker provides a maliciously constructed internal or external URL as the value for the <code>callback_url</code> argument.</li>
<li>The vulnerable <code>poco-claw</code> application, lacking proper input validation for the <code>callback_url</code> parameter, processes the <code>run_task</code> request.</li>
<li>The <code>run_task</code> function initiates an outbound HTTP request from the <code>poco-claw</code> host to the URL specified by the attacker in <code>callback_url</code>.</li>
<li>This server-side request is performed by the <code>poco-claw</code> instance, allowing the attacker to interact with internal network resources, bypass firewall restrictions, or perform network scans from the server's context.</li>
<li>The attacker receives or infers the response to the SSRF-induced request, gathering information about internal services or performing actions on behalf of the <code>poco-claw</code> server.</li>
<li>This gained access or information can then be leveraged for further reconnaissance, lateral movement within the network, or data exfiltration.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-16016 leads to server-side request forgery, which can have significant consequences. Attackers can leverage this to bypass network access controls, scan internal networks, access sensitive internal services, or exfiltrate data from systems that are otherwise unreachable from the internet. The remote exploitability and public availability of exploit code increase the likelihood of widespread attacks, potentially leading to unauthorized access to critical internal infrastructure and sensitive information.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch all <code>poco-ai poco-claw</code> instances to a version greater than 0.5.4 immediately to remediate CVE-2026-16016.</li>
<li>Deploy the Sigma rule &quot;Detect Potential Server-Side Request Forgery to Private IPs&quot; to your SIEM and tune it for your environment.</li>
<li>Enable comprehensive network connection logging for servers running <code>poco-claw</code> applications to monitor for unusual outbound requests.</li>
<li>Implement outbound firewall rules to restrict network connections initiated by the <code>poco-claw</code> application only to necessary and approved destinations.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">threat</category><category>server-side-request-forgery</category><category>ssrf</category><category>web-vulnerability</category><category>python</category><category>remote-code-execution</category><category>cve</category></item></channel></rss>