CVE-2026-31309
Published Jul 8, 2026
Description
Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attackers to arbitrarily overwrite the node's configuration and achieve a full node takeover via supplying a crafted POST request.
References
Other References
https://github.com/mysteriumnetwork/node/
https://github.com/mysteriumnetwork/node/blob/1.35.5/tequilapi/tequil/routes.go#L26
https://github.com/mysteriumnetwork/node/commit/83051199cd641dd4ed9057b958e5616df1309f19
https://github.com/mysteriumnetwork/node/commit/bc099fcaff59fee9c8a8f8e07ffff5b3c5df2bb9
https://github.com/mysteriumnetwork/node/releases/tag/1.35.5
https://github.com/mysteriumnetwork/node/releases/tag/1.36.0
https://github.com/sch8ill/CVE-2026-31309
Frequently Asked Questions
What is CVE-2026-31309? +
Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attackers to arbitrarily overwrite the node's configuration and achieve a full node takeover via supplying a crafted POST request.
How do I check if I'm vulnerable to CVE-2026-31309? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.