What happened
NVD published a high-severity (CVSS 7.3) SSRF vulnerability in poco-claw's task executor, triggered via the callback_url parameter of the run_task function, with a public exploit already available.
Why it matters
poco-claw is an AI agent execution/task platform; SSRF in its task callback mechanism can be used to reach internal cloud metadata services or internal-only systems from the agent execution environment, a common pivot point for further compromise of AI infrastructure.
Attack vector
The run_task function in executor/app/api/v1/task.py accepts a callback_url argument that is not validated, allowing an attacker to manipulate it to force the server to make requests to arbitrary internal or external endpoints (SSRF), remotely and with a publicly available exploit.
Affected systems
poco-ai poco-claw up to 0.5.4
Mitigation
No official patch confirmed at disclosure time; restrict/validate callback_url to an allowlist of trusted hosts and block requests to internal/metadata IP ranges.