CVE-2026-55501 | decolua 9router up to 0.4.79 Login Rate Limiter loginLimiter.js X-Forwarded-For missing authentication
A vulnerability described as critical has been identified in decolua 9router up to 0.4.79. This affects an unknown part of the file src/lib/auth/loginLimiter.js of the component Login Rate Limiter. Such manipulation of the argument X-Forwarded-For leads to missing authentication.
This vulnerability is uniquely identified as CVE-2026-55501. The attack can be launched remotely. No exploit exists.