PatchSiren cyber security CVE debrief
CVE-2026-62312 decolua CVE debrief
CVE-2026-62312 is a high-severity vulnerability in 9Router, an AI router & token saver. The issue allows remote authenticated attackers to execute arbitrary code on the host operating system. This is achieved by combining a Host header bypass of localhost-only routes with unvalidated MCP plugin arguments passed to child_process.spawn(). Malicious custom plugins can exploit this to execute commands through /api/mcp//sse. The vulnerability is fixed in version 0.5.2.
- Vendor
- decolua
- Product
- 9router
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-15
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-15
- Advisory updated
- 2026-07-16
Who should care
Users of 9Router AI router & token saver, especially those with remote authenticated access, should be aware of this vulnerability. Administrators and security teams responsible for software management and vulnerability mitigation should prioritize patching to version 0.5.2.
Technical summary
The vulnerability in 9Router AI router & token saver allows remote authenticated attackers to execute arbitrary code on the host operating system. This is achieved through a combination of a Host header bypass of localhost-only routes and unvalidated MCP plugin arguments passed to child_process.spawn(). Malicious custom plugins can exploit this vulnerability to execute commands via /api/mcp//sse. The issue is addressed in version 0.5.2.
Defensive priority
High
Recommended defensive actions
- Patch 9Router to version 0.5.2 or later
- Restrict access to /api/mcp//sse
- Monitor for suspicious MCP plugin activity
- Implement additional authentication and authorization checks for custom plugins
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-15T21:16:55.810Z and was last modified on 2026-07-16T19:16:51.010Z. The NVD entry is currently Deferred. Limited information is available about the specific details of the vulnerability and its exploitation.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T21:16:55.810Z and has not been modified since then. The NVD entry is currently Deferred.