CVE-2026-10291— Enderfga claw-orchestrator Session Grep Endpoint embedded-server.ts validateRegex redos

CVSS 4.3 · Medium Updated Jun 02, 2026

Possible ATT&CK Techniques 2AI

T1211 · Exploitation for Stealth T1496 · Resource Hijacking

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-10291

AIGC Shenlong Model
NVD (National Vulnerability Database)

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Enderfga claw-orchestrator Session Grep Endpoint embedded-server.ts validateRegex redos

Source: NVD (National Vulnerability Database)

Vulnerability Description

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 3.7.1 is sufficient to resolve this issue. The identifier of the patch is 3f970a974c65a94555c25af9f2796f11315e4584. It is recommended to upgrade the affected component.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

CWE-1333

Source: NVD (National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Enderfga	claw-orchestrator	3.0	`cpe:2.3:a:enderfga:claw-orchestrator::::::::`

II. Public POCs for CVE-2026-10291

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-10291

请登录查看更多情报信息。

Patches & Fixes for CVE-2026-10291 (2)

Vendor Pages for CVE-2026-10291 (1)

🔗 Release v3.7.1 — RE2 for /session/grep · Enderfga/claw-orchestrator · GitHubpatch

Other References for CVE-2026-10291 (1)

🔗 [Bug] ReDoS Vulnerability (CWE-1333) in /session/grep Endpoint via User-Controlled Regex Pattern · Issue #64 · Enderfga/claw-orchestrator Read full article issue-tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-10291

IV. Related Vulnerabilities

Same product: claw-orchestrator

CVE-2026-10281
Enderfga claw-orchestrator API Endpoint embedded-server.ts E

Same vendor: Enderfga

CVE-2026-10281
Enderfga claw-orchestrator API Endpoint embedded-server.ts E

Same weakness: CWE-1333

V. Comments for CVE-2026-10291

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-10291— Enderfga claw-orchestrator Session Grep Endpoint embedded-server.ts validateRegex redos

Possible ATT&CK Techniques 2AI

I. Basic Information for CVE-2026-10291

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-10291

III. Intelligence Information for CVE-2026-10291

Patches & Fixes for CVE-2026-10291 (2)

Vendor Pages for CVE-2026-10291 (1)

Other References for CVE-2026-10291 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-10291

Leave a comment