A vulnerability classified as critical was found in STACKIT IaaS API . This affects an unknown function of the component Instance Metadata Service . Such manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-39910 . The attack may be performed from remote. There is no available exploit. This product is available as a managed service. Users are not able to maintain vulnerability countermeasures themselves. Upgrading the affected component is advised.