CVE-2026-15541
Received Received - Intake

Missing Authorization in Isaiah via Master Websocket Handler

Vulnerability report for CVE-2026-15541, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: VulDB

Description

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch the attack remotely. The pull request to fix this issue awaits acceptance.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
will-moss isaiah to 1.36.9 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability, identified as CVE-2026-15541, is an authentication bypass flaw in the Isaiah software up to version 1.36.9. It occurs in the Master Websocket Handler component, specifically in the Server.Handle function. The issue arises because commands forwarded to Agent nodes are not properly authenticated before being processed. An attacker can manipulate the Agent argument in a command sent to the Master websocket endpoint, causing the system to forward the command to the Agent without verifying the client's authentication status. This allows unauthorized users to bypass normal authentication checks and interact with Agent nodes remotely.

Impact Analysis

The impact of this vulnerability is significant, especially in environments where Agent authentication is disabled, weak, or compromised. An attacker exploiting this flaw can gain unauthorized access to Docker resources managed by the Isaiah application. This includes the ability to read container metadata, access logs, and perform management actions on Docker containers and other resources. Essentially, it allows remote attackers to control or gather sensitive information from Docker nodes without proper authorization.

Detection Guidance

This vulnerability involves an authentication bypass in the Agent forwarding path of the Isaiah software, where unauthenticated clients can send commands with an Agent field set to the Master's /ws endpoint, causing unauthorized forwarding before authentication checks.

To detect this vulnerability on your system or network, monitor WebSocket traffic to the /ws endpoint of the Isaiah Master server for unauthenticated commands containing the Agent argument.

You can use network monitoring tools like tcpdump or Wireshark to capture WebSocket frames and filter for suspicious Agent field usage without prior authentication.

  • Use tcpdump to capture traffic on the relevant port (e.g., 8080): tcpdump -i <interface> -w capture.pcap port <isaiah_port>
  • Analyze the capture with Wireshark, filtering for WebSocket frames to the /ws endpoint and inspect payloads for commands containing the Agent argument.
  • Check Isaiah server logs (if enabled) for any unauthenticated requests that include the Agent field or unusual forwarding behavior.

Since the vulnerability is related to missing authorization before forwarding Agent commands, any unauthenticated WebSocket session forwarding such commands indicates the presence of the issue.

Mitigation Strategies

The immediate mitigation step is to ensure that the Isaiah Master websocket sessions require authentication before forwarding any commands to Agent nodes.

If possible, update Isaiah to a version that includes the fix from the merged pull request which enforces authentication before forwarding Agent commands.

Until the fix is applied, restrict access to the Isaiah Master /ws endpoint to trusted and authenticated users only, for example by network segmentation or firewall rules.

  • Apply network-level access controls to limit who can connect to the Isaiah Master websocket endpoint.
  • Disable or strengthen Agent authentication to prevent unauthorized access even if the forwarding bypass is exploited.

Monitor for suspicious activity and consider temporarily disabling multi-node or Agent forwarding features if they are not essential.

Compliance Impact

The vulnerability allows an authentication bypass in the Agent forwarding path, potentially enabling unauthorized access to Docker resources such as container metadata, logs, and management actions. This unauthorized access could lead to exposure or manipulation of sensitive data.

Such unauthorized access and potential data exposure can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive information.

By allowing unauthenticated commands to be forwarded and executed, the vulnerability undermines the security controls necessary to meet these regulatory requirements.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15541. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart