CVE-2026-22096

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints.

Credits

Wilco van Beijnum (ElaadNL)
Jeroen van der Ham-de Vos (DIVD)

References