CVE-2026-5842

Summary

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.3.75 is sufficient to resolve this issue. It is suggested to upgrade the affected component.

Affected Software

VendorProductVersion RangeStatus
decolua9router0.3.0affected
decolua9router0.3.1affected
decolua9router0.3.2affected
decolua9router0.3.3affected
decolua9router0.3.4affected
decolua9router0.3.5affected
decolua9router0.3.6affected
decolua9router0.3.7affected
decolua9router0.3.8affected
decolua9router0.3.9affected
decolua9router0.3.10affected
decolua9router0.3.11affected
decolua9router0.3.12affected
decolua9router0.3.13affected
decolua9router0.3.14affected
decolua9router0.3.15affected
decolua9router0.3.16affected
decolua9router0.3.17affected
decolua9router0.3.18affected
decolua9router0.3.19affected
decolua9router0.3.20affected
decolua9router0.3.21affected
decolua9router0.3.22affected
decolua9router0.3.23affected
decolua9router0.3.24affected
decolua9router0.3.25affected
decolua9router0.3.26affected
decolua9router0.3.27affected
decolua9router0.3.28affected
decolua9router0.3.29affected
decolua9router0.3.30affected
decolua9router0.3.31affected
decolua9router0.3.32affected
decolua9router0.3.33affected
decolua9router0.3.34affected
decolua9router0.3.35affected
decolua9router0.3.36affected
decolua9router0.3.37affected
decolua9router0.3.38affected
decolua9router0.3.39affected
decolua9router0.3.40affected
decolua9router0.3.41affected
decolua9router0.3.42affected
decolua9router0.3.43affected
decolua9router0.3.44affected
decolua9router0.3.45affected
decolua9router0.3.46affected
decolua9router0.3.47affected
decolua9router0.3.75unaffected

Weaknesses

  • CWE-639: Authorization Bypass
  • CWE-285: Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References