
GHSA-6g2f-w7g3-77vf: 9router has an Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header Spoofing

Severity: High
Published: 07/02/2026 (07/02/2026, 21:13:19 UTC)
Source: GCVE Database
Product: 9router

Description

9router contains an incomplete fix for CVE-2026-46339 that allows bypassing a local-only access gate via spoofed Host and Origin headers when deployed behind reverse proxies or tunnels. The gate relies on these headers to determine local requests, which are attacker-controlled in proxied environments. An attacker who obtains or guesses a deterministic CLI token derived from the machine ID can bypass the gate and interact with MCP child processes, potentially achieving remote code execution. The vulnerability affects 9router versions up to 0.4.55. The severity is high due to the requirement of additional conditions like token access and proxied deployment.

CVSS v3.1

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: High
Availability: None
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

Affected software

Ecosystem: npm
Package: 9router
Affected versions: <=0.4.55


AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 07/02/2026, 23:04:28 UTC

Technical Analysis

The vulnerability in 9router (CVE-2026-49353) stems from an incomplete fix for a prior unauthenticated remote code execution issue (CVE-2026-46339). The local-only access gate implemented in src/dashboardGuard.js restricts sensitive routes by checking the Host and Origin HTTP headers for loopback hostnames rather than verifying the actual TCP source IP. This allows attackers to bypass the gate in deployments behind reverse proxies, Cloudflare Tunnel, Tailscale, or DNS rebinding attacks by spoofing these headers. Access to these routes also requires a CLI token, which is a deterministic HMAC of the machine ID, making it predictable in some environments. Once bypassed, attackers can establish Server-Sent Events sessions and send arbitrary JSON-RPC commands to MCP child processes (node, python, npx, etc.), enabling remote code execution on the host. The vulnerability affects versions up to 0.4.55 and requires proxied deployment and token access, reducing severity compared to the original CVE-2026-46339.

Potential Impact

An attacker able to reach a proxied or tunneled 9router instance and obtain or guess the deterministic CLI token can bypass the local-only access restriction. This enables interaction with MCP child processes via stdin, potentially leading to remote code execution on the host system. The impact includes unauthorized code execution with the privileges of the 9router process. The severity is high but reduced from the original CVE-2026-46339 due to the additional requirements of proxied deployment and token acquisition.

Mitigation Recommendations

No official patch or fix is currently confirmed. Recommended mitigations include: (1) modifying the local-only access gate to verify the actual source IP address (e.g., using request.ip or socket remote address) instead of trusting Host and Origin headers; (2) replacing the deterministic CLI token with a non-predictable, randomly generated token persisted across runs; (3) binding MCP routes to the loopback interface at the network layer to prevent remote access regardless of header spoofing. Users should monitor vendor advisories for official fixes and apply them when available.


Technical Details

GCVE Source: db.gcve.eu
OSV ID: GHSA-6g2f-w7g3-77vf
OSV Schema Version: 1.4.0
Aliases: CVE-2026-49353
Ecosystems: npm
Database Specific Severity: HIGH
CVSS Version: 3.1

Threat ID: 6a46ecad27e9c7971943b882

Added to database: 07/02/2026, 22:56:45 UTC

Last enriched: 07/02/2026, 23:04:28 UTC

Last updated: 07/02/2026, 23:04:28 UTC

