
droidclaw CVE-2026-10216

EUVD-2026-33537 · LOW
Improper Restriction of Excessive Authentication Attempts (CWE-307)
2026-06-01 VulDB GHSA-g45j-9379-j77g
2.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.9 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: X (not defined)

Lifecycle Timeline

Jun 01, 2026 04:24 (vuln.today): Analysis Generated
Jun 01, 2026 04:22 (NVD): CVSS changed from 3.7 (LOW) to 2.9 (LOW)

Description (CVE.org)

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Analysis (AI)

Missing brute-force protection on the claim endpoint in unitedbyai droidclaw (all versions up to 0.5.3) allows unauthenticated remote attackers to submit unlimited authentication attempts against the device pairing flow, potentially enumerating or compromising pairing credentials. The root cause is CWE-307 - absent rate limiting or lockout logic in server/src/routes/pairing.ts. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Identify exposed droidclaw server port
Delivery: Send automated POST requests to /claim endpoint
Exploit: Exploit absent rate limiting (CWE-307)
Execution: Brute-force pairing token values
Impact: Extract low-confidentiality pairing data

Vulnerability Assessment (AI)

Exploitation: The claim endpoint in server/src/routes/pairing.ts must be network-accessible to the attacker; this is the primary prerequisite (AV:N confirmed by CVSS vector). … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The overall risk is low-to-moderate despite the presence of a public POC. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker with network access to a droidclaw server instance sends a high volume of automated POST requests to the /claim endpoint, cycling through candidate pairing tokens or credentials without triggering any lockout or throttling mechanism. Because no rate limiting exists per CWE-307, the attacker can enumerate valid pairing values at network speed, eventually obtaining a token that grants low-level access to pairing-related data exposed by the vulnerable component. …

Remediation: No vendor-released patch has been identified at time of analysis; the maintainer has not responded to the GitHub issue disclosure. … Detailed patch versions, workarounds, and compensating controls in full report.
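As an added illustration of the control this CWE-307 finding calls for (example written here, not droidclaw's own code; the device ids, pairing codes, handler signature and thresholds are assumed), the block below shows the unguarded claim check beside a per-device failure counter with lockout and a constant-time code comparison.

```typescript
import { timingSafeEqual } from "node:crypto";

// Constructed sample data (not droidclaw's data model): the code each device expects.
const EXPECTED_CODES = new Map<string, string>([["dev-42", "739015"]]);

type ClaimResult = "ok" | "invalid" | "locked";

// Compare without leaking the position of the first mismatching byte.
function codeMatches(expected: string, submitted: string): boolean {
  const a = new TextEncoder().encode(expected);
  const b = new TextEncoder().encode(submitted);
  return a.length === b.length && timingSafeEqual(a, b);
}

// Before: the CWE-307 shape. Every attempt is evaluated; nothing is counted, nothing locks.
function claimUnguarded(deviceId: string, submitted: string): ClaimResult {
  const expected = EXPECTED_CODES.get(deviceId);
  return expected !== undefined && codeMatches(expected, submitted) ? "ok" : "invalid";
}

// After: failures are counted per target device rather than only per source address,
// so rotating client IPs does not reset the budget; the device locks after maxFailures.
class ClaimGuard {
  private failures = new Map<string, { count: number; lockedUntil: number }>();
  constructor(private readonly maxFailures = 5, private readonly lockoutMs = 15 * 60_000) {}

  claim(deviceId: string, submitted: string, now = Date.now()): ClaimResult {
    const s = this.failures.get(deviceId) ?? { count: 0, lockedUntil: 0 };
    if (now < s.lockedUntil) return "locked";        // refuse before looking at the code
    const expected = EXPECTED_CODES.get(deviceId);
    if (expected !== undefined && codeMatches(expected, submitted)) {
      this.failures.delete(deviceId);                // success clears the failure budget
      return "ok";
    }
    s.count += 1;
    if (s.count >= this.maxFailures) {
      s.lockedUntil = now + this.lockoutMs;          // lock out; counter restarts after the window
      s.count = 0;
    }
    this.failures.set(deviceId, s);
    return "invalid";
  }
}
```

In a real route the guard also needs a per-client key (source address or session) alongside the per-device one, and the failure map should live in shared storage when more than one server process handles /claim.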


CVE-2026-10216 vulnerability details – vuln.today
