CVE-2026-10291
Inefficient Regular Expression Complexity in Enderfga Claw-Orchestrator
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| enderfga | claw-orchestrator | to 3.7.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1333 | The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Enderfga claw-orchestrator software up to version 3.7.0, specifically in the function validateRegex within the Session Grep Endpoint component. The issue arises from the manipulation of the argument body.pattern, which leads to inefficient regular expression complexity. This means that an attacker can craft a pattern that causes the system to perform excessive processing, potentially degrading performance or causing denial of service.
The vulnerability can be exploited remotely, and upgrading to version 3.7.1 resolves the issue.
How can this vulnerability impact me? :
The vulnerability can lead to inefficient processing of regular expressions, which may cause performance degradation or denial of service in the affected system. Since the attack can be initiated remotely, an attacker could exploit this to disrupt the availability of the service running the claw-orchestrator component.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to upgrade the affected Enderfga claw-orchestrator component to version 3.7.1.