PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-62312 decolua CVE debrief

CVE-2026-62312 is a high-severity vulnerability in 9Router, an AI router & token saver. The issue allows remote authenticated attackers to execute arbitrary code on the host operating system. This is achieved by combining a Host header bypass of localhost-only routes with unvalidated MCP plugin arguments passed to child_process.spawn(). Malicious custom plugins can exploit this to execute commands through /api/mcp//sse. The vulnerability is fixed in version 0.5.2.

Vendor
decolua
Product
9router
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-15
Original CVE updated
2026-07-16
Advisory published
2026-07-15
Advisory updated
2026-07-16

Who should care

Users of 9Router AI router & token saver, especially those with remote authenticated access, should be aware of this vulnerability. Administrators and security teams responsible for software management and vulnerability mitigation should prioritize patching to version 0.5.2.

Technical summary

The vulnerability in 9Router AI router & token saver allows remote authenticated attackers to execute arbitrary code on the host operating system. This is achieved through a combination of a Host header bypass of localhost-only routes and unvalidated MCP plugin arguments passed to child_process.spawn(). Malicious custom plugins can exploit this vulnerability to execute commands via /api/mcp//sse. The issue is addressed in version 0.5.2.

Defensive priority

High

Recommended defensive actions

  • Patch 9Router to version 0.5.2 or later
  • Restrict access to /api/mcp//sse
  • Monitor for suspicious MCP plugin activity
  • Implement additional authentication and authorization checks for custom plugins
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-15T21:16:55.810Z and was last modified on 2026-07-16T19:16:51.010Z. The NVD entry is currently Deferred. Limited information is available about the specific details of the vulnerability and its exploitation.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T21:16:55.810Z and has not been modified since then. The NVD entry is currently Deferred.