Vendor
A critical missing authorization vulnerability (CVE-2026-15541) exists in the `Server.Handle` function of the `Master Websocket Handler` component within `will-moss Isaiah` versions up to 1.36.9, allowing a remote attacker to bypass authorization controls by manipulating the `Agent` argument, potentially leading to unauthorized access or privilege escalation.