Authorization Flaw in will-moss Isaiah Websocket Handler
CVE-2026-15541

6.9MEDIUM

Key Information:

Vendor

Will-moss

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-15541?

A security flaw exists in the will-moss Isaiah product, affecting versions up to 1.36.9. This vulnerability is located within the Server.Handle function in the Master Websocket Handler component, specifically the server.go file. An attacker can manipulate the Agent argument, which may lead to missing authorization controls, allowing for potential remote exploitation. A pull request to address this issue is currently pending approval.

Affected Version(s)

Isaiah 1.36.0

Isaiah 1.36.1

Isaiah 1.36.2

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dem0000000 (VulDB User)
VulDB CNA Team
.