A vulnerability described as problematic has been identified in poco-ai poco-claw up to 0.5.4. Affected is the function get_workspace_file of the file executor_manager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument user_id can lead to authorization bypass.

The identification of this vulnerability is CVE-2026-15622. The attack may be launched remotely. Furthermore, there is an exploit available.

Upgrading the affected component is recommended.