CVE-2026-10281
Enderfga claw-orchestrator API Endpoint embedded-server.ts EmbeddedServer missing authentication
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th
A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.5.6 mitigates this issue. Patch name: d0b02a800aa0689d9428cc4cc170e0b6589fb2c3. The affected component should be upgraded.
| CWE | CWE-306 CWE-287 |
| Vendor | enderfga |
| Product | claw-orchestrator |
| Published | Jun 1, 2026 |
| Last Updated | Jun 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for enderfga claw-orchestrator
Be the first to know when new high vulnerabilities affecting enderfga claw-orchestrator are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Enderfga / claw-orchestrator
3.5.0 3.5.1 3.5.2 3.5.3 3.5.4 3.5.5
References
vuldb.com: https://vuldb.com/vuln/367574 vuldb.com: https://vuldb.com/vuln/367574/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10281 vuldb.com: https://vuldb.com/submit/825429 github.com: https://github.com/Enderfga/claw-orchestrator/issues/61 github.com: https://github.com/Enderfga/claw-orchestrator/commit/d0b02a800aa0689d9428cc4cc170e0b6589fb2c3 github.com: https://github.com/Enderfga/claw-orchestrator/releases/tag/v3.5.6 github.com: https://github.com/Enderfga/claw-orchestrator/
Credits
๐ ybdesire (VulDB User)