VYPR
Critical severity9.8NVD Advisory· Published Feb 12, 2025· Updated Jun 17, 2026

CVE-2025-26339

CVE-2025-26339

Description

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Q-Free/MaxTimellm-fuzzy2 versions
    <=2.11.0+ 1 more
    • (no CPE)range: <=2.11.0
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.