Submit #856815: poco-ai poco-agent 0.5.4 Missing Authentication for Critical Function (CWE-306)info

Titlepoco-ai poco-agent 0.5.4 Missing Authentication for Critical Function (CWE-306)
Description# Technical Details An unauthenticated user spoofing vulnerability exists in the `create_task` method in `executor_manager/app/api/v1/tasks.py` of poco-agent. An attacker can call the public executor-manager task creation API and supply an arbitrary `user_id`. The manager forwards that value into the backend's trusted internal session creation flow together with a valid `X-Internal-Token`, which causes the backend to persist a new session under the attacker-chosen identity. The backend's `get_current_user_id()` in `backend/app/core/deps.py` accepts any `X-User-Id` value when a valid internal token is present. # Vulnerable Code File: executor_manager/app/api/v1/tasks.py Method: create_task (POST /api/v1/tasks route) Why: Accepts `TaskCreateRequest` directly and forwards `request.user_id` without any authentication dependency. File: backend/app/core/deps.py Method: get_current_user_id Why: Any request carrying a valid internal token is allowed to provide `X-User-Id` as the effective identity. When the manager presents the internal token, the backend trusts whatever `X-User-Id` was forwarded. File: backend/app/api/v1/internal_sessions.py Method: create_session_internal Why: Consumes the trusted identity from `get_current_user_id()` and persists an AgentSession under that spoofed owner without verifying the identity was authenticated at the originating manager. # Reproduction 1. Start a Docker Compose deployment with backend (127.0.0.1:18080) and executor-manager (127.0.0.1:18081). 2. Confirm the backend public task API rejects unauthenticated requests with 401. 3. Send an unauthenticated POST to executor-manager /api/v1/tasks with `user_id` set to a victim identity. 4. Observe the manager accepts the request (200) and the backend's independent session record shows `persisted_user_id` matching the spoofed victim. # Impact - Unauthorized session creation under arbitrary victim accounts. - Corruption of ownership and audit data in backend session records. - Bypass of the backend public task API's authentication gate. - Potential follow-on abuse of task execution, billing/usage attribution, and downstream workflow ownership.
Source⚠️ https://github.com/poco-ai/poco-claw/issues/139
User
 Erichen (UID 98955)
Submission06/12/2026 10:35 (1 month ago)
Moderation07/17/2026 07:44 (1 month later)
StatusDuplicate
VulDB entry379757 [poco-ai poco-claw up to 0.5.4 executor_manager API tasks.py create_task missing authentication]
Points0

Want to know what is going to be exploited?

We predict KEV entries!