Home

Description

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints.

PUBLISHED Reserved 2026-01-06 | Published 2026-07-13 | Updated 2026-07-13 | Assigner DIVD




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unaffected

Any version before 1.5.1
affected

Credits

Wilco van Beijnum (ElaadNL) finder

Jeroen van der Ham-de Vos (DIVD) analyst

References

csirt.divd.nl/DIVD-2026-00001/ third-party-advisory

cve.org (CVE-2026-22096)

nvd.nist.gov (CVE-2026-22096)

Download JSON