A vulnerability, which was classified as very critical, was found in decolua 9Router up to 0.4.43. Affected is an unknown function of the file /api/tunnel/tailscale-install of the component Tailscale Install Handler. Executing a manipulation of the argument sudoPassword can lead to os command injection.
This vulnerability is tracked as CVE-2026-59800. The attack can be launched remotely. No exploit exists.