Lucene search
K

7 matches found

NVD
NVD
added yesterday6 views

CVE-2026-59800

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.8CVSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-42073

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.8CVSS6.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-59800

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.8CVSS6.3AI score
Exploits0References3
CVE
CVE
added yesterday16 views

CVE-2026-59800

The CVE-2026-59800 entry describes an OS command injection in 9Router

9.8CVSS6.3AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 6 days ago14 views

9router: Missing Authorization and OS Command Injection

Unauthenticated RCE via /api/tunnel/tailscale-install Affected: 9router npm package — current master v0.4.39. Summary POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawn...

9.8CVSS5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 6 days ago9 views

GHSA-G6G7-PVMX-M74P 9router: Missing Authorization and OS Command Injection

Unauthenticated RCE via /api/tunnel/tailscale-install Affected: 9router npm package — current master v0.4.39. Summary POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawn...

9.2CVSS5.9AI score
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 6 days ago11 views

9router: Missing Authorization and OS Command Injection

POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawned as sudo -S sh. The route is not present in the dashboard middleware matcher in src/proxy.js, so the request reaches...

9.8CVSS5.8AI score
Exploits0References4Affected Software1
Rows per page
Query Builder