A vulnerability, which was classified as critical, was found in will-moss Isaiah up to 1.36.9. The impacted element is the function
Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization.
This vulnerability is registered as CVE-2026-15541. It is possible to launch the attack remotely. No exploit is available.
The pull request to fix this issue awaits acceptance.