CVE-2026-10216

LOW SEVERITY

CVSS Score & Metrics

Base Score

3.7 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Vulnerability Details

Published Date

June 01, 2026

Last Modified

June 01, 2026

CWE ID

CWE-307

Source

NVD

Vendor

unitedbyai

Product

droidclaw

External References

https://gist.github.com/YLChen-007/2639ccaefd55ef4309953b76bc4c737e/raw
https://github.com/unitedbyai/droidclaw/
https://github.com/unitedbyai/droidclaw/issues/14
https://vuldb.com/cve/CVE-2026-10216
https://vuldb.com/submit/821936
https://vuldb.com/vuln/367495
https://vuldb.com/vuln/367495/cti

CVE-2026-10216

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment