Skip to content

9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

Critical severity GitHub Reviewed Published May 13, 2026 in decolua/9router • Updated May 19, 2026

No open alerts for this advisory

Give feedback on Dependabot alerts