Skip to main content

Mysterium Node CVE-2026-31309

| EUVDEUVD-2026-42495 CRITICAL
Missing Authorization (CWE-862)
2026-07-08 cve@mitre.org GHSA-p7gf-g6r8-g65h
9.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Endpoint enforces no authorization so PR:N/AC:L, exploitable over the network with a single POST (AV:N/UI:N); config overwrite yields full node control, so C:H/I:H/A:H.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

8
Source Code Evidence Fetched
Jul 16, 2026 - 13:28 vuln.today
Analysis Updated
Jul 16, 2026 - 13:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 16, 2026 - 13:22 vuln.today
cvss_changed
Severity Changed
Jul 16, 2026 - 13:22 NVD
HIGH CRITICAL
CVSS changed
Jul 16, 2026 - 13:22 NVD
7.5 (HIGH) 9.8 (CRITICAL)
Analysis Generated
Jul 09, 2026 - 16:42 vuln.today
CVSS changed
Jul 09, 2026 - 16:22 NVD
7.5 (HIGH)
CVE Published
Jul 08, 2026 - 22:17 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attackers to arbitrarily overwrite the node's configuration and achieve a full node takeover via supplying a crafted POST request.

AnalysisAI

Full node takeover in Mysterium Node before v1.36.0 is possible because the /tequilapi/config/user endpoint enforces no authorization (CWE-862), letting remote unauthenticated attackers submit a crafted POST request to arbitrarily overwrite the node's configuration. Because the local TequilAPI management interface shipped enabled and unsecured by default, an attacker who can reach the API can seize complete control of the node. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Discover exposed TequilAPI endpoint
Delivery
Send unauthenticated crafted POST to /config/user
Exploit
Bypass missing authorization check
Execution
Overwrite node configuration
Impact
Achieve full node takeover

Vulnerability AssessmentAI

Exploitation The concrete prerequisite is network reachability of the node's TequilAPI HTTP interface and specifically its /tequilapi/config/user endpoint, which pre-1.36.0 was served without authorization; on mobile/provider builds TequilAPI was enabled but not secured by default, which is the exact condition that exposes the endpoint. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker scans for exposed Mysterium Node TequilAPI instances and sends a single crafted POST to /tequilapi/config/user with no credentials, overwriting the node's configuration to values of their choosing. Because a public PoC exists (sch8ill/CVE-2026-31309) and CVSS reports AV:N/AC:L/PR:N/UI:N, this requires no authentication, no user interaction, and low complexity, enabling scripted mass exploitation of any internet-reachable node.
Remediation Vendor-released patch: upgrade to Mysterium Node v1.36.0 or later (https://github.com/mysteriumnetwork/node/releases/tag/1.36.0), which secures TequilAPI by default and closes the unauthorized configuration write; the relevant fix commits are 83051199cd641dd4ed9057b958e5616df1309f19 and bc099fcaff59fee9c8a8f8e07ffff5b3c5df2bb9. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Mysterium Node instances in your environment and confirm which versions are below v1.36.0; determine if TequilAPI endpoints are exposed to untrusted networks. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-31309 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy