Description
A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch the attack remotely. The pull request to fix this issue awaits acceptance.
Problem types
Product status
1.36.1
1.36.2
1.36.3
1.36.4
1.36.5
1.36.6
1.36.7
1.36.8
1.36.9
Timeline
| 2026-07-12: | Advisory disclosed |
| 2026-07-12: | VulDB entry created |
| 2026-07-12: | VulDB entry last update |
Credits
Dem0000000 (VulDB User)
VulDB CNA Team
References
vuldb.com/vuln/377891 (VDB-377891 | will-moss Isaiah Master Websocket server.go Server.Handle authorization)
vuldb.com/vuln/377891/cti (VDB-377891 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/cve/CVE-2026-15541 (CVE-2026-15541 | CVE Analysis and Report)
vuldb.com/submit/855074 (Submit #855074 | will-moss Isaiah 1.36.9 CWE-862 Missing Authorization)
github.com/will-moss/isaiah/issues/34
github.com/will-moss/isaiah/pull/35
github.com/will-moss/isaiah/