Unauthenticated Auth Bypass via Rate Limiter Evasion in droidclaw Pairing API

github.com 2026-06-01查看中文 →

Security AdvisoryCriticalunitedbyai

Affected:

droidclaw <= v0.5.3

Referenced CVEs: CVE-2026-10216 · 3.7

文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive

This content was auto-fetched from github.com, cleaned by our LLM pipeline, and translated to English. View original.

More from this source

Hermes Agent Feishu Webhook Pre-Auth Rate-Limit Bypass DoS 2026-06-01 Hermes-Agent .env Parser Semantic Injection via Substring Splitting (RCE/Credential Theft) 2026-06-01 Unauthenticated Arbitrary User Creation (Privilege Escalation) in add_user_check.php - Broken Access Control 2026-06-01 hermes-agent Persistent Prompt Injection Bypass via Regex Evasion 2026-06-01 SQL Injection Auth Bypass in login_check.php (Admin Session Acquisition) 2026-06-01

Offline Archive

Offline screenshot & PDF are Pro-exclusive