Authorization Flaw in will-moss Isaiah Websocket Handler
CVE-2026-15541
6.9MEDIUM
What is CVE-2026-15541?
A security flaw exists in the will-moss Isaiah product, affecting versions up to 1.36.9. This vulnerability is located within the Server.Handle function in the Master Websocket Handler component, specifically the server.go file. An attacker can manipulate the Agent argument, which may lead to missing authorization controls, allowing for potential remote exploitation. A pull request to address this issue is currently pending approval.
Affected Version(s)
Isaiah 1.36.0
Isaiah 1.36.1
Isaiah 1.36.2
