CVE-2026-10281 Enderfga claw-orchestrator API Endpoint embedded-server.ts EmbeddedServer missing authentication

🗓️ 01 Jun 2026 18:15:10Reported by VulDBType

CVE-2026-10281: Enderfga claw-orchestrator EmbeddedServer missing authentication; upgrade to 3.5.6.

Reporter	Title	Published	Views	Family All 7
CNNVD	Claw Orchestrator 访问控制错误漏洞	1 Jun 202600:00	–	cnnvd
CVE	CVE-2026-10281	1 Jun 202618:15	–	cve
EUVD	EUVD-2026-33743	1 Jun 202618:15	–	euvd
NVD	CVE-2026-10281	1 Jun 202619:16	–	nvd
Positive Technologies	PT-2026-45502	1 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-10281	5 Jun 202619:34	–	redhatcve
Vulnrichment	CVE-2026-10281 Enderfga claw-orchestrator API Endpoint embedded-server.ts EmbeddedServer missing authentication	1 Jun 202618:15	–	vulnrichment

[
  {
    "vendor": "Enderfga",
    "product": "claw-orchestrator",
    "versions": [
      {
        "version": "3.5.0",
        "status": "affected"
      },
      {
        "version": "3.5.1",
        "status": "affected"
      },
      {
        "version": "3.5.2",
        "status": "affected"
      },
      {
        "version": "3.5.3",
        "status": "affected"
      },
      {
        "version": "3.5.4",
        "status": "affected"
      },
      {
        "version": "3.5.5",
        "status": "affected"
      },
      {
        "version": "3.5.6",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:enderfga:claw-orchestrator:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "API Endpoint"
    ]
  }
]

Source	Link
github	www.github.com/Enderfga/claw-orchestrator/
vuldb	www.vuldb.com/vuln/367574
vuldb	www.vuldb.com/cve/CVE-2026-10281
github	www.github.com/Enderfga/claw-orchestrator/issues/61
vuldb	www.vuldb.com/submit/825429
vuldb	www.vuldb.com/vuln/367574/cti
github	www.github.com/Enderfga/claw-orchestrator/releases/tag/v3.5.6
github	www.github.com/Enderfga/claw-orchestrator/commit/d0b02a800aa0689d9428cc4cc170e0b6589fb2c3

01 Jun 2026 18:15Current

CVSS 46.9

CVSS 3.17.3

CVSS 37.3

CVSS 27.5

EPSS0.0041