CVE-2026-5842 MEDIUM

CVE-2026-5842: decolua 9router Administrative API Endpoint api authorization

Vendor Decolua
Product 9router
Weakness CWE-639 · IDOR
Published April 9, 2026
Last update April 13, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.3.75 is sufficient to resolve this issue. It is suggested to upgrade the affected component.

Key dates

02Disclosure timeline

April 9, 2026 CVE published
April 13, 2026 Record updated

Related vulnerabilities

04Related CVE