CVE-2026-15541

Summary

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch the attack remotely. The pull request to fix this issue awaits acceptance.

Affected Software

VendorProductVersion RangeStatus
will-mossIsaiah1.36.0affected
will-mossIsaiah1.36.1affected
will-mossIsaiah1.36.2affected
will-mossIsaiah1.36.3affected
will-mossIsaiah1.36.4affected
will-mossIsaiah1.36.5affected
will-mossIsaiah1.36.6affected
will-mossIsaiah1.36.7affected
will-mossIsaiah1.36.8affected
will-mossIsaiah1.36.9affected

Weaknesses

  • CWE-862: Missing Authorization
  • CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References