CVE-2026-10291
Enderfga claw-orchestrator Session Grep Endpoint embedded-server.ts validateRegex redos
CVSS Score
4.3
EPSS Score
0.1%
EPSS Percentile
19th
A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 3.7.1 is sufficient to resolve this issue. The identifier of the patch is 3f970a974c65a94555c25af9f2796f11315e4584. It is recommended to upgrade the affected component.
| CWE | CWE-1333 CWE-400 |
| Vendor | enderfga |
| Product | claw-orchestrator |
| Published | Jun 1, 2026 |
| Last Updated | Jun 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for enderfga claw-orchestrator
Be the first to know when new medium vulnerabilities affecting enderfga claw-orchestrator are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Enderfga / claw-orchestrator
3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7.0
References
vuldb.com: https://vuldb.com/vuln/367584 vuldb.com: https://vuldb.com/vuln/367584/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10291 vuldb.com: https://vuldb.com/submit/826222 github.com: https://github.com/Enderfga/claw-orchestrator/issues/64 github.com: https://github.com/Enderfga/claw-orchestrator/issues/64#issuecomment-4421942196 github.com: https://github.com/Enderfga/claw-orchestrator/commit/3f970a974c65a94555c25af9f2796f11315e4584 github.com: https://github.com/Enderfga/claw-orchestrator/releases/tag/v3.7.1 github.com: https://github.com/Enderfga/claw-orchestrator/
Credits
๐ ybdesire (VulDB User)