Authorization Bypass Vulnerability in Decolua 9Router Administrative API Endpoint
CVE-2026-5842

6.9MEDIUM

Key Information:

Vendor: Decolua
Status: 9router
Vendor: CVE Published:; 9 April 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-5842?

A security vulnerability has been discovered in Decolua's 9Router affecting versions up to 0.3.47. The issue lies within an unspecified function of the Administrative API Endpoint, where improper permissions allow for authorization bypass. This vulnerability can be exploited remotely, potentially enabling unauthorized access to sensitive functionalities. It is recommended to upgrade to version 0.3.75 or later to effectively address this security risk, as the exploit has been publicly disclosed and may be leveraged by adversaries.

Affected Version(s)

9router 0.3.0

9router 0.3.1

9router 0.3.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-5842 - Proof of Concept