Package impact
npm / 9router
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46339 | critical | — | 9.5 | 11d ago | 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes | |||
| CVE-2026-5842 | high | 7.3 | 7.3 | 2mo ago | decolua 9router vulnerable to authorization bypass |