PT-2025-7128 · Q Free · Q-Free Maxtime

Andrea Palanca +1 · Published 2025-02-12 · Updated 2025-10-24 · CVE-2025-26339

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions prior to 2.11.0
Description: A missing authentication issue for a critical function in maxtime/handleRoute.lua allows an unauthenticated remote attacker to affect device confidentiality, integrity, or availability via crafted HTTP requests.
Recommendations: For versions prior to 2.11.0, update to version 2.11.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the handleRoute.lua function until a patch is available. Avoid using the vulnerable function to minimize the risk of exploitation.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers: CVE-2025-26339

Affected Products: Q-Free Maxtime