PatchSiren cyber security CVE debrief
CVE-2026-31309 Mysterium Network CVE debrief
CVE-2026-31309 is a critical vulnerability in Mysterium Node versions from v1.21.1-rc0 before v1.36.0. The issue lies in improper authorization in the /tequilapi/config/user endpoint, allowing an unauthenticated attacker to overwrite node configuration via a crafted POST request, potentially leading to full node takeover. This vulnerability has a CVSS score of 9.8, indicating a high severity level. Users of Mysterium Node should be aware of this critical vulnerability and take immediate action to prevent potential full node takeovers.
- Vendor
- Mysterium Network
- Product
- Mysterium Node
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-16
Who should care
Users of Mysterium Node, especially those running versions between v1.21.1-rc0 and v1.36.0, should be aware of this critical vulnerability. Immediate action is recommended to prevent potential full node takeovers. Operators, platform administrators, and security teams should review the vulnerability details and plan for remediation.
Technical summary
The vulnerability CVE-2026-31309, with a CVSS score of 9.8, is caused by improper authorization in the /tequilapi/config/user endpoint of Mysterium Node. This issue affects versions from v1.21.1-rc0 up to but not including v1.36.0. An unauthenticated attacker can exploit this by sending a crafted POST request, which could lead to arbitrary configuration overwrite and potentially a full node takeover. The vulnerability has a high severity level, and users of Mysterium Node should take immediate action to prevent potential full node takeovers.
Defensive priority
High
Recommended defensive actions
- Update Mysterium Node to version 1.36.0 or later immediately.
- Restrict access to the /tequilapi/config/user endpoint.
- Monitor node configurations for unauthorized changes.
- Implement additional authentication mechanisms for configuration changes.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-07-08T22:17:13.840Z and last modified on 2026-07-16T13:16:30.707Z. The NVD entry is currently Deferred. Evidence is limited to CVE and NVD details. Defenders should verify node configurations and monitor for unauthorized changes.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T22:17:13.840Z and has not been modified since then. The NVD entry is currently Deferred.