CVE-2026-31309

HIGH

Mysterium Node < 1.36.0 - Unauthenticated Configuration Overwrite and Node Takeover via /tequilapi/config/user Endpoint

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-31309. PoCs published by Sch8ill.

AI-analyzed exploit summary The repository describes a broken access control vulnerability in Mysterium Node's `/tequilapi/config/user` endpoint, allowing unauthenticated attackers to overwrite node configuration via a crafted POST request. However, it lacks a functional PoC (e.g., `config.json` template or exploit code) and only provides a basic `curl` command skeleton.

Description

Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attackers to arbitrarily overwrite the node's configuration and achieve a full node takeover via supplying a crafted POST request.

Exploits (1)

github STUB
by Sch8ill · poc
https://github.com/Sch8ill/CVE-2026-31309

The repository describes a broken access control vulnerability in Mysterium Node's `/tequilapi/config/user` endpoint, allowing unauthenticated attackers to overwrite node configuration via a crafted POST request. However, it lacks a functional PoC (e.g., `config.json` template or exploit code) and only provides a basic `curl` command skeleton.

Classification
Stub 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Mysterium Node before version 1.36.0
No auth needed
Prerequisites: Network access to the target Mysterium Node's `/tequilapi/config/user` endpoint · Knowledge of valid configuration parameters to overwrite
mistral-large-3 · analyzed Jul 09, 2026 Full analysis →

Scores

CVSS v3 7.5
EPSS 0.0037
EPSS Percentile 28.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Published Jul 08, 2026
Tracked Since Jul 09, 2026