A vulnerability was found in l3montree-dev devguard up to 1.2.1 . It has been declared as critical . This vulnerability affects unknown code of the component HTTP Request Header Handler . Such manipulation leads to authentication bypass using alternate channel. This vulnerability is listed as CVE-2026-42300 . The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.