Soumettre #825188: decolua 9router >= 0.2.72, < 0.4.1 Origin Validation Errorinformation

Titredecolua 9router >= 0.2.72, < 0.4.1 Origin Validation Error
DescriptionAn authentication bypass vulnerability exists in 9Router in versions >= 0.2.72 and < 0.4.1 due to improper origin validation using the HTTP Host header. The application incorrectly treats requests with a spoofed Host value as trusted local requests, allowing remote attackers to bypass authentication checks. This issue enables unauthorized access to sensitive API endpoints, potentially exposing API keys and allowing modification of system configuration.
La source⚠️ https://github.com/decolua/9router/issues/742
Utilisateur
 brad (UID 97565)
Soumission11/05/2026 03:49 (il y a 25 jours)
Modérer31/05/2026 16:11 (21 days later)
StatutAccepté
Entrée VulDB367548 [decolua 9router jusqu’à 0.4.0 HTTP Header src/dashboardGuard.js isAuthenticated Host élévation de privilèges]
Points20

PrécédentAperçuSuivant

Want to know what is going to be exploited?

We predict KEV entries!