Home
CRITICAL: 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NDefault status
unaffected
Any version before 1.5.1
affected
Description
The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints.
Problem types
CWE-306 Missing Authentication for Critical Function
Product status
Any version before 1.5.1
Credits
Wilco van Beijnum (ElaadNL)
Jeroen van der Ham-de Vos (DIVD)
References
csirt.divd.nl/DIVD-2026-00001/