CVE-2026-5842
HIGHdecolua 9router Administrative API Endpoint api authorization
Title source: cnaDescription
A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.3.75 is sufficient to resolve this issue. It is suggested to upgrade the affected component.
References (8)
Core 8
Core References
Vdb Entry vdb-entry
VDB-356298 | decolua 9router Administrative API Endpoint api authorization
https://vuldb.com/vuln/356298
Signature, Permissions Required signature
permissions-required
VDB-356298 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/356298/cti
Third Party Advisory third-party-advisory
Submit #790003 | 9Router Router 0.3.47-0.3.32 Authorization Bypass
https://vuldb.com/submit/790003
Issue Tracking issue-tracking
https://github.com/decolua/9router/issues/431
Issue Tracking issue-tracking
https://github.com/decolua/9router/issues/431#issuecomment-4140163867
Product product
https://github.com/decolua/9router/
Scores
CVSS v3
7.3
EPSS
0.0031
EPSS Percentile
22.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-285
CWE-639
Status
published
Products (50)
decolua/9router
0.3.0
decolua/9router
0.3.1
decolua/9router
0.3.10
decolua/9router
0.3.11
decolua/9router
0.3.12
decolua/9router
0.3.13
decolua/9router
0.3.14
decolua/9router
0.3.15
decolua/9router
0.3.16
decolua/9router
0.3.17
... and 40 more
Published
Apr 09, 2026
Tracked Since
Apr 09, 2026