{"id":"CVE-2026-31309","details":"Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node from v1.21.1-rc0 before v1.36.0 allows an unauthenticated attacker to arbitrarily overwrite the node's configuration and achieve a full node takeover via a crafted POST request.","modified":"2026-07-17T03:46:11.283463354Z","published":"2026-07-08T00:00:00Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31309.json"},"references":[{"type":"WEB","url":"https://github.com/mysteriumnetwork/node/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31309.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31309"},{"type":"FIX","url":"https://github.com/mysteriumnetwork/node/commit/bc099fcaff59fee9c8a8f8e07ffff5b3c5df2bb9"},{"type":"PACKAGE","url":"https://github.com/sch8ill/CVE-2026-31309"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mysteriumnetwork/node","events":[{"introduced":"043c542056e0868221f2c607ec6e6bb6ec2c8bed"},{"fixed":"b69dd4a2c5d1244e4c6e96517c21ccc9b4ea3567"},{"fixed":"bc099fcaff59fee9c8a8f8e07ffff5b3c5df2bb9"}],"database_specific":{"extracted_events":[{"introduced":"v1.21.1-rc0"},{"fixed":"v1.36.0"}],"source":["DESCRIPTION","REFERENCES"]}}],"versions":["1.35.5","1.35.4","1.35.3","1.35.2","1.35.1","1.35.0","1.34.1","1.34.0","1.33.10","1.33.9","1.33.8","1.33.5","1.33.7","1.33.6","1.33.4","1.33.2","1.33.1","1.33.0","1.32.3","1.32.2","1.32.1","1.32.0","1.31.4","1.31.3","1.31.2","1.31.1","1.31.0","1.30.3","1.30.2","1.30.1","1.30.0","1.29.23","1.29.22","1.29.21","1.29.20","1.29.19","1.29.18","1.29.17","1.29.16","1.29.15","1.29.14","1.29.13","1.29.12","1.29.11","1.29.10","1.29.9","1.29.9-rc1","1.29.8","1.29.7","1.29.6","1.29.4","1.29.5","1.29.3","1.29.2","1.29.2-rc4","1.29.2-rc3","1.29.2-rc2","1.29.2-rc1","1.29.1","1.29.0","1.28.0","1.27.0","1.26.0","1.25.5","1.25.4","1.25.3","1.25.2","1.25.1","1.25.0","1.24.0","1.24.0-rc15","1.23.0","1.22.1","1.22.0","1.21.1-rc0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31309.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}