CVE-2026-10216

LOW

unitedbyai droidclaw claim Endpoint pairing.ts excessive authentication

Title source: cna

Description

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References (7)

Core 7

Core References

Vdb Entry vdb-entry

VDB-367495 | unitedbyai droidclaw claim Endpoint pairing.ts excessive authentication

https://vuldb.com/vuln/367495

Signature, Permissions Required signature permissions-required

VDB-367495 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/367495/cti

Third Party Advisory third-party-advisory

CVE-2026-10216 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-10216

Third Party Advisory third-party-advisory

Submit #821936 | unitedbyai droidclaw <= v0.5.3 Improper Restriction of Excessive Authentication Attempts (CWE-307)

https://vuldb.com/submit/821936

Issue Tracking issue-tracking

https://github.com/unitedbyai/droidclaw/issues/14

Exploit exploit

https://gist.github.com/YLChen-007/2639ccaefd55ef4309953b76bc4c737e/raw

Product product

https://github.com/unitedbyai/droidclaw/

Scores

CVSS v3 3.7

EPSS 0.0041

EPSS Percentile 32.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-307 CWE-799

Status published

Products (4)

unitedbyai/droidclaw 0.5.0

unitedbyai/droidclaw 0.5.1

unitedbyai/droidclaw 0.5.2

unitedbyai/droidclaw 0.5.3

Published Jun 01, 2026

Tracked Since Jun 01, 2026