A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the com…

Published: 31 May 2026 at 22:00:00

Alert date: 1 June 2026 at 20:04:42

Source: nvd.nist.gov

Web Technologies, Identity & Access

A critical authentication bypass vulnerability (CVE-2026-10281) has been identified in Enderfga claw-orchestrator versions up to 3.5.5. It affects the EmbeddedServer function in src/embedded-server.ts of the API Endpoint component and results in missing authentication. The attack can be initiated remotely, and a public exploit is available. The vulnerability has been patched in version 3.5.6 with commit d0b02a800aa0689d9428cc4cc170e0b6589fb2c3. Immediate upgrade is recommended because the exploit is publicly available.

Affected products: Enderfga claw-orchestrator

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
