Cyber Resilience

CVE-2026-5842

Severity: Medium
Published: 09 April 2026
Modified: 24 April 2026
KEV Added
Patch
CVSS Score (v4): 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0006 (19.9th percentile)
Risk Priority: 14 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-5842 is a medium-severity Improper Authorization (CWE-285) vulnerability. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 19.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-5842 is an authorization bypass vulnerability affecting decolua 9router versions up to and including 0.3.47. The issue resides in an unknown function within the /api file of the Administrative API Endpoint component. The flaw is classified under CWE-285 (Improper Authorization) and CWE-639 (Authorization Bypass Through User-Controlled Key) and has a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), rated High severity.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows bypassing authorization controls, potentially granting unauthorized access to administrative functions and leading to limited impacts on confidentiality, integrity, and availability.

The fix is to upgrade to decolua 9router version 0.3.75, as detailed in the project's GitHub release notes. GitHub issue #431 and its related comments confirm the fix and discuss the vulnerability.

The exploit has been publicly disclosed, with a proof-of-concept available in a public GitHub repository, increasing the risk of active exploitation.

Vulnerability details

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 0.3.75 is sufficient to resolve this issue. It is suggested to upgrade the affected component.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

An authorization bypass in a public-facing administrative API endpoint enables remote exploitation without credentials, which directly matches T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-15582 (shared: CWE-285, CWE-639)
CVE-2026-41471 (shared: CWE-639)
CVE-2025-58402 (shared: CWE-639)
CVE-2026-32252 (shared: CWE-285)
CVE-2026-24950 (shared: CWE-639)
CVE-2026-29204 (shared: CWE-639)
CVE-2023-53895 (shared: CWE-285)
CVE-2026-41084 (shared: CWE-639)
CVE-2025-25196 (shared: CWE-285)
CVE-2025-68044 (shared: CWE-639)

Mitigating Controls (NIST 800-53 r5)

SI-2 (Flaw Remediation), prevent: Directly mitigates the CVE by requiring timely identification, reporting, and correction of the authorization bypass flaw through patching to version 0.3.75.

AC-3 (Access Enforcement), prevent: Enforces approved authorizations for access to administrative API endpoints, directly countering the authorization bypass vulnerability.

Least privilege, prevent: Limits privileges to only those essential for administrative functions, reducing the impact of any successful authorization bypass.
