Enderfga claw-orchestrator API Endpoint embedded-server.ts EmbeddedServer missing authentication_CVE-2026-10281

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.5.6 mitigates this issue. Patch name: d0b02a800aa0689d9428cc4cc170e0b6589fb2c3. The affected component should be upgraded.

Basic Information

ID CVE-2026-10281

Source VulDB

Published Jun 1, 2026 at 18:15

Affected Product

Vendor Enderfga

Product claw-orchestrator

Version 3.5.0

Affected Versions Enderfga claw-orchestrator 3.5.0
Enderfga claw-orchestrator 3.5.1
Enderfga claw-orchestrator 3.5.2
Enderfga claw-orchestrator 3.5.3
Enderfga claw-orchestrator 3.5.4
Enderfga claw-orchestrator 3.5.5

CWE Classification

CWE-306 CWE-287

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.5.6 mitigates this issue. Patch name: d0b02a800aa0689d9428cc4cc170e0b6589fb2c3. The affected component should be upgraded.",
    "published": "2026-06-01T18:15:10.669Z",
    "modified": "2026-06-01T18:15:10.669Z",
    "type": "cve",
    "title": "Enderfga claw-orchestrator API Endpoint embedded-server.ts EmbeddedServer missing authentication",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/367574\nhttps://vuldb.com/vuln/367574/cti\nhttps://vuldb.com/cve/CVE-2026-10281\nhttps://vuldb.com/submit/825429\nhttps://github.com/Enderfga/claw-orchestrator/issues/61\nhttps://github.com/Enderfga/claw-orchestrator/commit/d0b02a800aa0689d9428cc4cc170e0b6589fb2c3\nhttps://github.com/Enderfga/claw-orchestrator/releases/tag/v3.5.6\nhttps://github.com/Enderfga/claw-orchestrator/",
    "id": "CVE-2026-10281",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306",
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "Enderfga claw-orchestrator 3.5.0\nEnderfga claw-orchestrator 3.5.1\nEnderfga claw-orchestrator 3.5.2\nEnderfga claw-orchestrator 3.5.3\nEnderfga claw-orchestrator 3.5.4\nEnderfga claw-orchestrator 3.5.5",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "claw-orchestrator",
    "version": "3.5.0",
    "vendor": "Enderfga",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}