9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Source: Advisories.Gitlab
Published:
9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required.

The vulnerability exists because the .js middl