CVE-2026-10216
LOW
2.9
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
LOW
3.7
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
LOW
2.6
Source: [email protected]
Access Vector: network
Access Complexity: high
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none
Description
A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CWE-307: Improper Restriction of Excessive Authentication Attempts
Draft
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism
Applicable Platforms
All platforms may be affected
CWE-799: Improper Control of Interaction Frequency
Incomplete
Common Consequences
Security Scopes Affected:
Availability
Access Control
Other
Potential Impacts:
DoS: Resource Consumption (Other)
Bypass Protection Mechanism
Other
Applicable Platforms
Technologies:
Not Technology-Specific, Web Based, Web Server
https://gist.github.com/YLChen-007/2639ccaefd55ef4309953b76bc4c737e/raw
https://github.com/unitedbyai/droidclaw/
https://github.com/unitedbyai/droidclaw/issues/14
https://vuldb.com/cve/CVE-2026-10216
https://vuldb.com/submit/821936
https://vuldb.com/vuln/367495
https://vuldb.com/vuln/367495/cti