Threat Advisory

9router Vulnerability Sets Off Full Container and Device Breach

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical


EXECUTIVE SUMMARY:

CVE-2026-46339, rated CVSS 10.0, is an unauthenticated remote code execution vulnerability caused by improper route protection in a Next.js middleware configuration. The application exposes two API route families, /api/cli-tools/* and /api/mcp/*, that bypass authentication because the middleware matcher allowlist is narrower than the actual API surface. An attacker first abuses an unauthenticated endpoint to register a "custom plugin" whose command and arguments are fully attacker-controlled and stored in global process state. That malicious configuration is then triggered through an unauthenticated Server-Sent Events endpoint, which invokes spawn() with the attacker-defined command, yielding arbitrary OS command execution under the privileges of the 9router process. The root causes are missing authentication coverage, lack of input validation, and unsafe execution of user-supplied command definitions, which together make exploitation straightforward and fully remote. Successful exploitation can lead to full system compromise, including credential theft (cloud keys, API tokens), persistence, and potential container escape in Docker environments.
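The failure mode described above is a matcher allowlist that names individual protected routes and silently leaves out the rest. The following is an added example (not 9router's code and not taken from the advisory) that models a Next.js-style middleware matcher in plain JavaScript, contrasts a narrow allowlist with a deny-by-default one, and adds an audit that reports which routes in an inventory the matcher never covers. The route inventory, the matcher lists, and the public-route exceptions are constructed for illustration; only the /api/cli-tools/ and /api/mcp/ prefixes come from the advisory.

```javascript
// Added example, not 9router's middleware. Models the Next.js matcher
// syntax (":path*" = any remaining segments, ":name" = one segment) just
// closely enough to show why an enumerated allowlist leaves gaps.

// Turn a matcher pattern into a RegExp anchored to the whole pathname.
function matcherToRegExp(pattern) {
  const body = pattern
    .split('/')
    .map((seg) => {
      if (seg === ':path*') return '.*';            // zero or more segments
      if (seg.startsWith(':')) return '[^/]+';      // exactly one segment
      return seg.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
    })
    .join('/');
  return new RegExp(`^${body}$`);
}

// True when the middleware (and therefore the auth check) runs for this path.
function isProtected(pathname, matchers) {
  return matchers.some((m) => matcherToRegExp(m).test(pathname));
}

// Narrow allowlist of the kind the advisory describes: only the routes the
// author remembered to list are covered (constructed example).
const NARROW_MATCHERS = ['/api/chat/:path*', '/api/settings/:path*', '/dashboard/:path*'];

// Deny-by-default alternative: every /api/ and /dashboard/ route passes
// through the auth check, and the few genuinely public routes are excluded
// inside the middleware rather than by omitting them from the matcher.
const BROAD_MATCHERS = ['/api/:path*', '/dashboard/:path*'];
const PUBLIC_ROUTES = ['/api/health', '/api/auth/login'];   // assumed names

function requiresAuth(pathname, matchers, publicRoutes) {
  return isProtected(pathname, matchers) && !publicRoutes.includes(pathname);
}

// Audit helper: given the real route inventory (e.g. generated from the
// app/api directory at build time), list the routes a matcher never covers.
function uncoveredRoutes(routes, matchers) {
  return routes.filter((r) => !isProtected(r, matchers));
}

// Constructed route inventory; the two prefixes in the middle are the ones
// the advisory names, the specific sub-paths are assumptions.
const KNOWN_ROUTES = [
  '/api/chat/completions',
  '/api/settings/keys',
  '/api/cli-tools/custom',
  '/api/mcp/sse',
  '/api/health',
];

// Usage: run the audit in CI and fail the build when anything is uncovered.
const gaps = uncoveredRoutes(KNOWN_ROUTES, NARROW_MATCHERS);
console.log('unprotected by narrow matcher:', gaps);
console.log('unprotected by broad matcher:', uncoveredRoutes(KNOWN_ROUTES, BROAD_MATCHERS));
```

The point of the audit is that an allowlist of protected routes has to be kept in sync with every new route handler by hand, whereas a prefix-wide matcher with an explicit public-route exception list fails closed when a new endpoint such as /api/mcp/* is added later.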


RECOMMENDATION:

We recommend updating 9router to version 0.4.55 or later.

REFERENCES:

The following reports contain further technical details:
https://github.com/advisories/GHSA-fhh6-4qxv-rpqj