Platform
linux
Component
9router
Fixed in
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.3.10
0.3.11
0.3.12
0.3.13
0.3.14
0.3.15
0.3.16
0.3.17
0.3.18
0.3.19
0.3.20
0.3.21
0.3.22
0.3.23
0.3.24
0.3.25
0.3.26
0.3.27
0.3.28
0.3.29
0.3.30
0.3.31
0.3.32
0.3.33
0.3.34
0.3.35
0.3.36
0.3.37
0.3.38
0.3.39
0.3.40
0.3.41
0.3.42
0.3.43
0.3.44
0.3.45
0.3.46
0.3.47
0.3.75
A security vulnerability has been identified in decolua 9router versions 0.3.0 to 0.3.47. This vulnerability allows for authorization bypass, potentially granting attackers unauthorized access to the system. The issue resides within an unknown function of the /api file within the Administrative API Endpoint component. Affected users should upgrade to version 0.3.75 to mitigate this risk.
Successful exploitation of CVE-2026-5842 allows a remote attacker to bypass authorization controls within the 9router Administrative API Endpoint. This could lead to complete compromise of the 9router device, enabling the attacker to modify configurations, access sensitive data, and potentially pivot to other systems on the network. The ability to bypass authentication significantly expands the attack surface and increases the potential for data breaches and system disruption. The public disclosure of this vulnerability increases the likelihood of exploitation.
This vulnerability is publicly disclosed and has a HIGH CVSS score of 7.3. The public availability of exploit details increases the risk of exploitation. The vulnerability has been added to the CISA KEV catalog, indicating a heightened concern for federal agencies and critical infrastructure. Active campaigns targeting 9router are not currently confirmed, but the public nature of the vulnerability warrants immediate attention.
Organizations utilizing 9router in their network infrastructure, particularly those with exposed administrative interfaces, are at risk. Environments with limited network segmentation or weak access controls are especially vulnerable. Shared hosting environments utilizing 9router may also be affected, as vulnerabilities in shared components can impact multiple users.
• linux / server:
journalctl -u 9router -g 'authentication bypass' --since "1 day ago"
• generic web:
curl -I <9router_ip>/api | grep -i 'WWW-Authenticate'
disclosure
patch
Exploit Status
EPSS
0.06% (18th percentile)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2026-5842 is to upgrade 9router to version 0.3.75 or later. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing temporary workarounds such as restricting network access to the Administrative API Endpoint to trusted sources only. Monitor API logs for suspicious activity and implement strict access controls. After upgrading, confirm the vulnerability is resolved by attempting to access administrative functions without proper authentication and verifying access is denied.
Update the 9router component to version 0.3.75 or later to fix the authorization bypass vulnerability in the administrative API. This update corrects the issue, allowing more secure access to the API. Consult the vendor's documentation for detailed instructions on how to update.
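As an added example (not from the advisory or the 9router project), this shell script triages an inventory of installed versions against the ranges stated above: 0.3.0 through 0.3.47 affected, 0.3.75 or later fixed. The host names and the "host version" input format are assumptions; versions outside both ranges, which the advisory text does not address, are reported as unlisted rather than guessed.

```shell
#!/bin/sh
# Added example: classify 9router versions using the ranges in this advisory.

# Turn "major.minor.patch" (optional leading "v") into one comparable integer.
# Returns 1 for anything that is not three plain numeric fields.
version_key() {
    v=${1#v}
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    [ $# -eq 3 ] || return 1
    for f in "$@"; do
        # Reject leading zeros (octal in shell arithmetic) and fields over 3 digits.
        case $f in 0?*|????*) return 1 ;; esac
    done
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# Prints one of: affected, fixed, unlisted, invalid.
classify_9router() {
    key=$(version_key "$1") || { echo "invalid"; return 0; }
    lo=$(version_key 0.3.0); hi=$(version_key 0.3.47); fixed=$(version_key 0.3.75)
    if [ "$key" -ge "$fixed" ]; then
        echo "fixed"
    elif [ "$key" -ge "$lo" ] && [ "$key" -le "$hi" ]; then
        echo "affected"
    else
        echo "unlisted"   # not covered by the advisory; needs manual review
    fi
}

# Reads "<host> <version>" lines, prints "<host> <version> <status>".
triage_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        echo "$host $ver $(classify_9router "$ver")"
    done
}

# Constructed sample inventory (hypothetical host names).
triage_inventory <<'EOF'
edge-a 0.3.9
edge-b 0.3.47
lab-c 0.3.60
core-d v0.3.75
EOF
```

Comparing the fields numerically matters here: a plain string comparison would sort 0.3.9 after 0.3.47 and misclassify it.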
CVE-2026-5842 is a HIGH severity vulnerability in 9router versions 0.3.0 through 0.3.47 that allows remote attackers to bypass authorization controls and gain unauthorized access.
If you are running 9router versions 0.3.0 through 0.3.47, you are potentially affected by this vulnerability. Check your version and upgrade immediately.
Upgrade 9router to version 0.3.75 or later to resolve this vulnerability. If immediate upgrade is not possible, implement temporary access restrictions.
While active campaigns are not confirmed, the public disclosure of this vulnerability increases the likelihood of exploitation. Monitor your systems closely.
Refer to the decolua security advisories for the latest information and updates regarding CVE-2026-5842.