A vulnerability was found in No-Instructions relay-server up to 0.9.6 and classified as critical . The affected element is an unknown function of the component WebSocket Endpoint . The manipulation results in incorrect authorization. This vulnerability is reported as CVE-2026-42889 . The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.