CVE-2019-9673

HIGH

Freenet 1483 - Remote Code Execution via MIME Type Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-9673. PoCs published by mgrube.

AI-analyzed exploit summary This repository contains a detailed writeup of CVE-2019-9673, a MIME type handling vulnerability in Freenet that allows de-anonymization and delivery of malicious content. The exploit leverages Firefox's MIME sniffing behavior when the Content-Encoding header is missing, bypassing Freenet's content filters.

Description

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI.

Exploits (1)

nomisec WRITEUP 4 stars
by mgrube · poc
https://github.com/mgrube/CVE-2019-9673

This repository contains a detailed writeup of CVE-2019-9673, a MIME type handling vulnerability in Freenet that allows de-anonymization and delivery of malicious content. The exploit leverages Firefox's MIME sniffing behavior when the Content-Encoding header is missing, bypassing Freenet's content filters.

Classification
Writeup 100%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Freenet versions through 1483
No auth needed
Prerequisites: Freenet version 1483 or earlier · Firefox browser · Victim interaction (e.g., clicking a link)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://freenetproject.org
Exploit, Third Party Advisory x_refsource_misc
https://github.com/mgrube/CVE-2019-9673

Scores

CVSS v3 8.8
EPSS 0.1567
EPSS Percentile 94.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-19
Status published
Products (1)
freenetproject/freenet 0.7.5 1472 (8 CPE variants)
Published Jun 05, 2019
Tracked Since Feb 18, 2026