LOW
unitedbyai
CVE published 2026-06-01
CVE-2026-10216
A low-severity authentication weakness exists in the droidclaw project (versions up to 0.5.3) within the claim endpoint at server/src/routes/pairing.ts. The flaw allows improper restriction of excessive authentication attempts, which could facilitate brute-force or credential-stuffing attacks. The attack vector is network-based, but the CVSS attack complexity is rated high and exploitability is described [truncated]