CVE-2026-10269

MEDIUM

decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization

Title source: cna

Description

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to version 0.4.1 is capable of addressing this issue. The identifier of the patch is 428e2c045cb9c0eb8080e8b580471a9c2eaa95ca. Upgrading the affected component is recommended.

References (8)

Core 8

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-367548 | decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization

https://vuldb.com/vuln/367548

Signature, Permissions Required signature permissions-required

VDB-367548 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/367548/cti

Third Party Advisory third-party-advisory

CVE-2026-10269 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-10269

Third Party Advisory third-party-advisory

Submit #825188 | decolua 9router >= 0.2.72, < 0.4.1 Origin Validation Error

https://vuldb.com/submit/825188

Issue Tracking issue-tracking

https://github.com/decolua/9router/issues/742

Patch patch

https://github.com/decolua/9router/commit/428e2c045cb9c0eb8080e8b580471a9c2eaa95ca

View Patch ZIP pw:eip

Patch patch

https://github.com/decolua/9router/releases/tag/v0.4.1

Product product

https://github.com/decolua/9router/

Scores

CVSS v3 6.3

EPSS 0.0028

EPSS Percentile 19.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-266 CWE-285

Status published

Products (5)

decolua/9router 0.1

decolua/9router 0.2

decolua/9router 0.3

decolua/9router 0.4.0

decolua/9router 0.4.1

Published Jun 01, 2026

Tracked Since Jun 01, 2026