decolua 9router Administrative API Endpoint api authorization_CVE-2026-5842

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.3.75 is sufficient to resolve this issue. It is suggested to upgrade the affected component.

Basic Information

ID CVE-2026-5842

Source VulDB

Published Apr 9, 2026 at 04:30

Affected Product

Vendor decolua

Product 9router

Version 0.3.0

Affected Versions decolua 9router 0.3.0
decolua 9router 0.3.1
decolua 9router 0.3.2
decolua 9router 0.3.3
decolua 9router 0.3.4
decolua 9router 0.3.5
decolua 9router 0.3.6
decolua 9router 0.3.7
decolua 9router 0.3.8
decolua 9router 0.3.9
decolua 9router 0.3.10
decolua 9router 0.3.11
decolua 9router 0.3.12
decolua 9router 0.3.13
decolua 9router 0.3.14
decolua 9router 0.3.15
decolua 9router 0.3.16
decolua 9router 0.3.17
decolua 9router 0.3.18
decolua 9router 0.3.19
decolua 9router 0.3.20
decolua 9router 0.3.21
decolua 9router 0.3.22
decolua 9router 0.3.23
decolua 9router 0.3.24
decolua 9router 0.3.25
decolua 9router 0.3.26
decolua 9router 0.3.27
decolua 9router 0.3.28
decolua 9router 0.3.29
decolua 9router 0.3.30
decolua 9router 0.3.31
decolua 9router 0.3.32
decolua 9router 0.3.33
decolua 9router 0.3.34
decolua 9router 0.3.35
decolua 9router 0.3.36
decolua 9router 0.3.37
decolua 9router 0.3.38
decolua 9router 0.3.39
decolua 9router 0.3.40
decolua 9router 0.3.41
decolua 9router 0.3.42
decolua 9router 0.3.43
decolua 9router 0.3.44
decolua 9router 0.3.45
decolua 9router 0.3.46
decolua 9router 0.3.47

CWE Classification

CWE-639 CWE-285

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.3.75 is sufficient to resolve this issue. It is suggested to upgrade the affected component.",
    "published": "2026-04-09T04:30:17.225Z",
    "modified": "2026-04-09T04:30:17.225Z",
    "type": "cve",
    "title": "decolua 9router Administrative API Endpoint api authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/356298\nhttps://vuldb.com/vuln/356298/cti\nhttps://vuldb.com/submit/790003\nhttps://github.com/decolua/9router/issues/431\nhttps://github.com/decolua/9router/issues/431#issuecomment-4140163867\nhttps://github.com/deepcat1337/Free_Api_Exploit/tree/main\nhttps://github.com/decolua/9router/releases/tag/v0.3.75\nhttps://github.com/decolua/9router/",
    "id": "CVE-2026-5842",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639",
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "decolua 9router 0.3.0\ndecolua 9router 0.3.1\ndecolua 9router 0.3.2\ndecolua 9router 0.3.3\ndecolua 9router 0.3.4\ndecolua 9router 0.3.5\ndecolua 9router 0.3.6\ndecolua 9router 0.3.7\ndecolua 9router 0.3.8\ndecolua 9router 0.3.9\ndecolua 9router 0.3.10\ndecolua 9router 0.3.11\ndecolua 9router 0.3.12\ndecolua 9router 0.3.13\ndecolua 9router 0.3.14\ndecolua 9router 0.3.15\ndecolua 9router 0.3.16\ndecolua 9router 0.3.17\ndecolua 9router 0.3.18\ndecolua 9router 0.3.19\ndecolua 9router 0.3.20\ndecolua 9router 0.3.21\ndecolua 9router 0.3.22\ndecolua 9router 0.3.23\ndecolua 9router 0.3.24\ndecolua 9router 0.3.25\ndecolua 9router 0.3.26\ndecolua 9router 0.3.27\ndecolua 9router 0.3.28\ndecolua 9router 0.3.29\ndecolua 9router 0.3.30\ndecolua 9router 0.3.31\ndecolua 9router 0.3.32\ndecolua 9router 0.3.33\ndecolua 9router 0.3.34\ndecolua 9router 0.3.35\ndecolua 9router 0.3.36\ndecolua 9router 0.3.37\ndecolua 9router 0.3.38\ndecolua 9router 0.3.39\ndecolua 9router 0.3.40\ndecolua 9router 0.3.41\ndecolua 9router 0.3.42\ndecolua 9router 0.3.43\ndecolua 9router 0.3.44\ndecolua 9router 0.3.45\ndecolua 9router 0.3.46\ndecolua 9router 0.3.47",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "9router",
    "version": "0.3.0",
    "vendor": "decolua",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}