PatchSiren

decolua CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM decolua CVE published 2026-06-01

CVE-2026-10269

A medium-severity improper authorization vulnerability in decolua 9router's HTTP Header Handler allows remote attackers to bypass authentication by manipulating the Host header in requests handled by the isAuthenticated function in src/dashboardGuard.js. The flaw exists in versions up to and including 0.4.0. A fix is available in version 0.4.1 via commit 428e2c045cb9c0eb8080e8b580471a9c2eaa95ca. The vulnerabi [truncated]