Skip to main content

Isaiah

2 CVEs product

Monthly

CVE-2026-15542 MEDIUM PATCH This Month

Improper WebSocket authentication in will-moss Isaiah up to version 1.36.9 permits unauthenticated remote attackers to establish authenticated WebSocket sessions against the Docker management interface. The flaw resides in app/main.go within the WebSocket Connection Authentication component, where authentication controls can be bypassed, granting access to Docker management functionality without valid credentials. No public exploit has been identified at time of analysis, and an upstream fix exists as a pending pull request (PR #36) that has not yet been merged into a released version.

Authentication Bypass Isaiah
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2026-15541 MEDIUM PATCH This Month

Missing authorization in Isaiah's Master WebSocket Handler allows remote unauthenticated attackers to manipulate the Agent argument in the Server.Handle function, bypassing access controls over Docker management operations. All versions of the will-moss/isaiah project up to and including 1.36.9 are affected. No public exploit or active exploitation has been identified at time of analysis; a fix pull request (#35) exists upstream but awaits acceptance.

Authentication Bypass Isaiah
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.3%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Improper WebSocket authentication in will-moss Isaiah up to version 1.36.9 permits unauthenticated remote attackers to establish authenticated WebSocket sessions against the Docker management interface. The flaw resides in app/main.go within the WebSocket Connection Authentication component, where authentication controls can be bypassed, granting access to Docker management functionality without valid credentials. No public exploit has been identified at time of analysis, and an upstream fix exists as a pending pull request (PR #36) that has not yet been merged into a released version.

Authentication Bypass Isaiah
NVD VulDB GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Missing authorization in Isaiah's Master WebSocket Handler allows remote unauthenticated attackers to manipulate the Agent argument in the Server.Handle function, bypassing access controls over Docker management operations. All versions of the will-moss/isaiah project up to and including 1.36.9 are affected. No public exploit or active exploitation has been identified at time of analysis; a fix pull request (#35) exists upstream but awaits acceptance.

Authentication Bypass Isaiah
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy