decolua 9router 0.3.47 Auth Bypass via /api Admin API
CVE-2026-5842 Published on April 9, 2026
A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. Manipulating it leads to an authorization bypass. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.3.75 is sufficient to resolve this issue, and upgrading the affected component is recommended.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
What is an Insecure Direct Object Reference / IDOR Vulnerability?
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CVE-2026-5842 has been classified as an Insecure Direct Object Reference / IDOR vulnerability or weakness.
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-5842 has been classified as an AuthZ vulnerability or weakness.
Affected Versions
decolua 9router:
- Version 0.3.0 is affected.
- Version 0.3.1 is affected.
- Version 0.3.2 is affected.
- Version 0.3.3 is affected.
- Version 0.3.4 is affected.
- Version 0.3.5 is affected.
- Version 0.3.6 is affected.
- Version 0.3.7 is affected.
- Version 0.3.8 is affected.
- Version 0.3.9 is affected.
- Version 0.3.10 is affected.
- Version 0.3.11 is affected.
- Version 0.3.12 is affected.
- Version 0.3.13 is affected.
- Version 0.3.14 is affected.
- Version 0.3.15 is affected.
- Version 0.3.16 is affected.
- Version 0.3.17 is affected.
- Version 0.3.18 is affected.
- Version 0.3.19 is affected.
- Version 0.3.20 is affected.
- Version 0.3.21 is affected.
- Version 0.3.22 is affected.
- Version 0.3.23 is affected.
- Version 0.3.24 is affected.
- Version 0.3.25 is affected.
- Version 0.3.26 is affected.
- Version 0.3.27 is affected.
- Version 0.3.28 is affected.
- Version 0.3.29 is affected.
- Version 0.3.30 is affected.
- Version 0.3.31 is affected.
- Version 0.3.32 is affected.
- Version 0.3.33 is affected.
- Version 0.3.34 is affected.
- Version 0.3.35 is affected.
- Version 0.3.36 is affected.
- Version 0.3.37 is affected.
- Version 0.3.38 is affected.
- Version 0.3.39 is affected.
- Version 0.3.40 is affected.
- Version 0.3.41 is affected.
- Version 0.3.42 is affected.
- Version 0.3.43 is affected.
- Version 0.3.44 is affected.
- Version 0.3.45 is affected.
- Version 0.3.46 is affected.
- Version 0.3.47 is affected.
- Version 0.3.75 is unaffected.