CVE-2026-31309
Received Received - Intake

Improper Authorization in Mysterium Node Configuration

Vulnerability report for CVE-2026-31309, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: MITRE

Description

Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attackers to arbitrarily overwrite the node's configuration and achieve a full node takeover via supplying a crafted POST request.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mysterium_network mysterium_node 1.36.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an improper authorization issue in the /tequilapi/config/user endpoint of Mysterium Node versions before v1.36.0. It allows unauthenticated attackers to send a specially crafted POST request to arbitrarily overwrite the node's configuration.

By exploiting this, an attacker can achieve a full takeover of the node.

Impact Analysis

The impact of this vulnerability is severe because it allows an unauthenticated attacker to fully take over the affected Mysterium Node.

  • Arbitrary overwriting of the node's configuration.
  • Complete control over the node by the attacker.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31309. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart