CVE-2026-10281

Source
https://cve.org/CVERecord?id=CVE-2026-10281
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10281.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-10281
Aliases
Published
2026-06-01T18:15:10.669Z
Modified
2026-07-09T13:56:44.615882550Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Enderfga claw-orchestrator API Endpoint embedded-server.ts EmbeddedServer missing authentication
Details

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.5.6 mitigates this issue. Patch name: d0b02a800aa0689d9428cc4cc170e0b6589fb2c3. The affected component should be upgraded.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "3.5.0"
                },
                {
                    "last_affected": "3.5.0"
                },
                {
                    "introduced": "3.5.1"
                },
                {
                    "last_affected": "3.5.1"
                },
                {
                    "introduced": "3.5.2"
                },
                {
                    "last_affected": "3.5.2"
                },
                {
                    "introduced": "3.5.3"
                },
                {
                    "last_affected": "3.5.3"
                },
                {
                    "introduced": "3.5.4"
                },
                {
                    "last_affected": "3.5.4"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/10xxx/CVE-2026-10281.json",
    "cwe_ids": [
        "CWE-287",
        "CWE-306"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/enderfga/claw-orchestrator

Affected ranges

Type
GIT
Repo
https://github.com/enderfga/claw-orchestrator
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "3.5.5"
        },
        {
            "last_affected": "3.5.5"
        }
    ]
}

Affected versions

3.*
3.5.5
v3.*
v3.5.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10281.json"