PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-31309 Mysterium Network CVE debrief

CVE-2026-31309 is a critical vulnerability in Mysterium Node versions from v1.21.1-rc0 before v1.36.0. The issue lies in improper authorization in the /tequilapi/config/user endpoint, allowing an unauthenticated attacker to overwrite node configuration via a crafted POST request, potentially leading to full node takeover. This vulnerability has a CVSS score of 9.8, indicating a high severity level. Users of Mysterium Node should be aware of this critical vulnerability and take immediate action to prevent potential full node takeovers.

Vendor
Mysterium Network
Product
Mysterium Node
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-08
Original CVE updated
2026-07-16
Advisory published
2026-07-08
Advisory updated
2026-07-16

Who should care

Users of Mysterium Node, especially those running versions between v1.21.1-rc0 and v1.36.0, should be aware of this critical vulnerability. Immediate action is recommended to prevent potential full node takeovers. Operators, platform administrators, and security teams should review the vulnerability details and plan for remediation.

Technical summary

The vulnerability CVE-2026-31309, with a CVSS score of 9.8, is caused by improper authorization in the /tequilapi/config/user endpoint of Mysterium Node. This issue affects versions from v1.21.1-rc0 up to but not including v1.36.0. An unauthenticated attacker can exploit this by sending a crafted POST request, which could lead to arbitrary configuration overwrite and potentially a full node takeover. The vulnerability has a high severity level, and users of Mysterium Node should take immediate action to prevent potential full node takeovers.

Defensive priority

High

Recommended defensive actions

  • Update Mysterium Node to version 1.36.0 or later immediately.
  • Restrict access to the /tequilapi/config/user endpoint.
  • Monitor node configurations for unauthorized changes.
  • Implement additional authentication mechanisms for configuration changes.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-07-08T22:17:13.840Z and last modified on 2026-07-16T13:16:30.707Z. The NVD entry is currently Deferred. Evidence is limited to CVE and NVD details. Defenders should verify node configurations and monitor for unauthorized changes.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T22:17:13.840Z and has not been modified since then. The NVD entry is currently Deferred.