A vulnerability described as problematic has been identified in poco-ai poco-claw up to 0.5.4. Affected is the function
get_workspace_file of the file executor_manager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument user_id can lead to authorization bypass.
The identification of this vulnerability is CVE-2026-15622. The attack may be launched remotely. Furthermore, there is an exploit available.
Upgrading the affected component is recommended.