{"data":{"id":"d19d4590-c96a-4aaf-9221-8bd40dc48689","title":"CVE-2026-59800: 9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-i","summary":"9Router versions before 0.4.44 have a critical vulnerability where an unauthenticated attacker can execute arbitrary OS commands through the /api/tunnel/tailscale-install endpoint. The vulnerability exists because the sudoPassword field from user input is passed directly to a shell command without proper validation, and the endpoint lacks authorization checks (middleware matcher protection). An attacker can exploit this when sudo doesn't prompt for a password, such as when the process runs as root or NOPASSWD is configured.","solution":"Update 9Router to version 0.4.44 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-59800","publishedAt":"2026-07-07T19:16:55.260Z","cveId":"CVE-2026-59800","cweIds":["CWE-78"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-07T19:16:55.260Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.45,"researchCategory":null,"atlasIds":null}}