CVE-2026-10281
7.3 HIGH
A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5
Published: 2026-06-01 · Last updated: 2026-06-02
Severity and scoring
- CVSS: 7.3 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CWE: CWE-287, CWE-306
Description
A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.5.6 mitigates this issue. Patch name: d0b02a800aa0689d9428cc4cc170e0b6589fb2c3. The affected component should be upgraded.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-10281
- [Other] https://github.com/Enderfga/claw-orchestrator/
- [Other] https://github.com/Enderfga/claw-orchestrator/commit/d0b02a800aa0689d9428cc4cc170e0b6589fb2c3
- [Other] https://github.com/Enderfga/claw-orchestrator/issues/61
- [Other] https://github.com/Enderfga/claw-orchestrator/releases/tag/v3.5.6
- [Other] https://vuldb.com/cve/CVE-2026-10281
- [Other] https://vuldb.com/submit/825429
- [Other] https://vuldb.com/vuln/367574
- [Other] https://vuldb.com/vuln/367574/cti
Related CVEs
Same CWE
- CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)
- CVE-2026-53868 — Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses ... (7.5 HIGH)
- CVE-2026-50287 — AgenticMail gives AI agents real email addresses and phone numbers
- CVE-2026-53981 — Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary ... (7.6 HIGH)
- CVE-2026-50085 — The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platform's HiveMQ broker wit... (8.6 HIGH)