A vulnerability, which was classified as critical , was found in Cleanuparr up to 2.9.9 . Impacted is the function AllowCredentials of the component API Response Handler . Such manipulation leads to origin validation error. This vulnerability is uniquely identified as CVE-2026-44184 . The attack can be launched remotely. No exploit exists. You should upgrade the affected component.