CVE-2026-5842
decolua 9router Administrative API Endpoint api authorization
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
13th
A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.3.75 is sufficient to resolve this issue. It is suggested to upgrade the affected component.
| CWE | CWE-639 CWE-285 |
| Vendor | decolua |
| Product | 9router |
| Published | Apr 9, 2026 |
| Last Updated | Apr 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for decolua 9router
Be the first to know when new high vulnerabilities affecting decolua 9router are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
decolua / 9router
0.3.0 0.3.1 0.3.2 0.3.3 0.3.4 0.3.5 0.3.6 0.3.7 0.3.8 0.3.9 0.3.10 0.3.11 0.3.12 0.3.13 0.3.14 0.3.15 0.3.16 0.3.17 0.3.18 0.3.19 0.3.20 0.3.21 0.3.22 0.3.23 0.3.24 0.3.25 0.3.26 0.3.27 0.3.28 0.3.29 0.3.30 0.3.31 0.3.32 0.3.33 0.3.34 0.3.35 0.3.36 0.3.37 0.3.38 0.3.39 0.3.40 0.3.41 0.3.42 0.3.43 0.3.44 0.3.45 0.3.46 0.3.47
References
vuldb.com: https://vuldb.com/vuln/356298 vuldb.com: https://vuldb.com/vuln/356298/cti vuldb.com: https://vuldb.com/submit/790003 github.com: https://github.com/decolua/9router/issues/431 github.com: https://github.com/decolua/9router/issues/431#issuecomment-4140163867 github.com: https://github.com/deepcat1337/Free_Api_Exploit/tree/main github.com: https://github.com/decolua/9router/releases/tag/v0.3.75 github.com: https://github.com/decolua/9router/
Credits
๐ cyberthoth (VulDB User)