CVE-2026-0397

Name of the Vulnerable Software and Affected Versions Versions (affected versions not specified)

Description A misconfiguration of the Cross-Origin Resource Sharing (CORS) policy exists when the internal webserver is enabled. An attacker may be able to trick an administrator logged into the dashboard into visiting a malicious website, potentially allowing the extraction of information about the running configuration from the dashboard. CORS (Cross-Origin Resource Sharing) is a browser security mechanism that restricts web pages from making requests to a different domain than the one which served the web page.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.