Vendor
An authenticated user can escalate privileges to full administrative control in Neko versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 due to CVE-2026-39386, leading to complete compromise of the instance.