CVE-2026-31309 in Mysterium Nodeinfo

Summary

by MITRE • 07/09/2026

Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthenticated attackers to arbitrarily overwrite the node's configuration and achieve a full node takeover via supplying a crafted POST request.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/09/2026

The vulnerability under discussion represents a critical authorization flaw within the Mysterium Node software ecosystem, specifically affecting versions prior to v1.36.0. This issue manifests in the tequilapi configuration user endpoint where proper access controls fail to validate incoming requests, creating an exploitable condition that allows any remote attacker to execute arbitrary configuration changes without authentication. The affected endpoint serves as a critical interface for managing node configurations and user credentials, making it a prime target for adversaries seeking to compromise the entire node infrastructure. This vulnerability directly violates fundamental security principles of access control and authorization enforcement, providing attackers with unprecedented privileges to manipulate core system parameters.

The technical implementation flaw stems from insufficient validation mechanisms within the API endpoint that processes POST requests to modify node configuration settings. When an attacker submits a crafted payload to the /tequilapi/config/user endpoint, the system fails to authenticate or authorize the request before applying the requested changes. This misconfiguration allows for arbitrary data overwrite operations that can modify critical node parameters including network configuration, security credentials, and operational settings. The flaw essentially creates a backdoor access point where any unauthenticated user can submit malicious configuration data that gets executed with the privileges of the running node process. From a cybersecurity perspective, this represents a classic case of insufficient authorization checks where the system assumes legitimate requests without proper verification of requester identity or permissions.

The operational impact of this vulnerability extends far beyond simple configuration modification, as it enables complete node compromise and potential lateral movement within network environments. Once an attacker gains access to modify node configurations, they can alter network routing settings, change authentication credentials, disable security features, or redirect traffic through malicious endpoints. This level of control allows for persistent access to the compromised node and provides a foundation for further attacks including data exfiltration, network reconnaissance, or use as a pivot point for attacking other systems within the same network infrastructure. The vulnerability essentially transforms a single compromised node into a potential command and control center for broader network infiltration activities.

Mitigation strategies should prioritize immediate patching of affected Mysterium Node installations to version 1.36.0 or later where proper authorization controls have been implemented. Organizations should also implement network segmentation and monitoring to detect unauthorized configuration changes, as well as establish robust access control policies that limit exposure of administrative endpoints to trusted networks only. Security teams should conduct thorough vulnerability assessments across all instances of the software and ensure proper API rate limiting and request validation are in place. From a compliance perspective, this vulnerability aligns with CWE-285 which addresses improper authorization issues, and maps to ATT&CK technique T1078 for valid accounts usage and T1566 for spearphishing campaigns that could leverage such vulnerabilities. Organizations should also consider implementing automated security monitoring solutions that can detect anomalous configuration change patterns and alert security teams to potential exploitation attempts.

Responsible

MITRE

Reservation

03/09/2026

Disclosure

07/09/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!