Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
36 vulnerabilities by decolua
CVE-2026-62312 (GCVE-0-2026-62312)
Vulnerability from nvd – Published: 2026-07-15 20:53 – Updated: 2026-07-16 18:51
VLAI
EPSS
VEX
Title
9Router: Authenticated RCE via Unvalidated MCP Plugin Arguments
Summary
9Router is an AI router & token saver. Prior to 0.5.2, 9Router allows a remote authenticated attacker to achieve arbitrary code execution on the host operating system by combining a Host header bypass of localhost-only routes with unvalidated MCP plugin args passed to child_process.spawn(), allowing malicious custom plugins to execute commands through /api/mcp//sse. This issue is fixed in version 0.5.2.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/da66783… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.5.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-62312",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T18:51:17.611560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T18:51:28.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-63p9-g54h-prrp"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.5.2, 9Router allows a remote authenticated attacker to achieve arbitrary code execution on the host operating system by combining a Host header bypass of localhost-only routes with unvalidated MCP plugin args passed to child_process.spawn(), allowing malicious custom plugins to execute commands through /api/mcp//sse. This issue is fixed in version 0.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T20:53:18.302Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-63p9-g54h-prrp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-63p9-g54h-prrp"
},
{
"name": "https://github.com/decolua/9router/commit/da667836cc7584bea0edd893de1d590c9ea279dc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/da667836cc7584bea0edd893de1d590c9ea279dc"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.5.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.5.2"
}
],
"source": {
"advisory": "GHSA-63p9-g54h-prrp",
"discovery": "UNKNOWN"
},
"title": "9Router: Authenticated RCE via Unvalidated MCP Plugin Arguments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-62312",
"datePublished": "2026-07-15T20:53:18.302Z",
"dateReserved": "2026-07-13T19:27:58.314Z",
"dateUpdated": "2026-07-16T18:51:28.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56679 (GCVE-0-2026-56679)
Vulnerability from nvd – Published: 2026-07-15 20:50 – Updated: 2026-07-16 13:00
VLAI
EPSS
VEX
Title
9Router: Mass assignment in PATCH /api/settings allows authenticated authorization downgrade
Summary
9Router is an AI router & token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body to persistent settings without a field whitelist, allowing an authenticated user to set security-critical fields such as requireLogin and disable authentication for the whole application, exposing protected routes such as /api/keys and /api/providers to unauthenticated access. This issue is reported as fixed in version 0.5.4.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56679",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T13:00:02.844824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T13:00:42.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vmjq-hvgq-2wv4"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body to persistent settings without a field whitelist, allowing an authenticated user to set security-critical fields such as requireLogin and disable authentication for the whole application, exposing protected routes such as /api/keys and /api/providers to unauthenticated access. This issue is reported as fixed in version 0.5.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T20:50:30.458Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-vmjq-hvgq-2wv4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vmjq-hvgq-2wv4"
}
],
"source": {
"advisory": "GHSA-vmjq-hvgq-2wv4",
"discovery": "UNKNOWN"
},
"title": "9Router: Mass assignment in PATCH /api/settings allows authenticated authorization downgrade"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-56679",
"datePublished": "2026-07-15T20:50:30.458Z",
"dateReserved": "2026-06-22T16:39:01.044Z",
"dateUpdated": "2026-07-16T13:00:42.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56678 (GCVE-0-2026-56678)
Vulnerability from nvd – Published: 2026-07-15 20:51 – Updated: 2026-07-16 12:53
VLAI
EPSS
VEX
Title
9Router: Kiro region injection allows authenticated SSRF with Authorization header forwarding
Summary
9Router is an AI router & token saver. Prior to 0.5.6, the Kiro API-key validation endpoint POST /api/oauth/kiro/api-key builds an upstream URL using a user-controlled region value, allowing an authenticated attacker to supply a crafted region such as kiro-canary.local:8443# and cause 9Router to send the Kiro validation request to an attacker-controlled host while forwarding the submitted Kiro API key as an Authorization header. This issue is fixed in version 0.5.6.
Severity
6.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/126aa24… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.5.6 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56678",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T12:53:08.213328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:53:24.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-6mwv-4mrm-5p3m"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.5.6, the Kiro API-key validation endpoint POST /api/oauth/kiro/api-key builds an upstream URL using a user-controlled region value, allowing an authenticated attacker to supply a crafted region such as kiro-canary.local:8443# and cause 9Router to send the Kiro validation request to an attacker-controlled host while forwarding the submitted Kiro API key as an Authorization header. This issue is fixed in version 0.5.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T20:51:33.190Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-6mwv-4mrm-5p3m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-6mwv-4mrm-5p3m"
},
{
"name": "https://github.com/decolua/9router/commit/126aa244c5b51b74ab8c7594e3418fcf4437bf6f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/126aa244c5b51b74ab8c7594e3418fcf4437bf6f"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.5.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.5.6"
}
],
"source": {
"advisory": "GHSA-6mwv-4mrm-5p3m",
"discovery": "UNKNOWN"
},
"title": "9Router: Kiro region injection allows authenticated SSRF with Authorization header forwarding"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-56678",
"datePublished": "2026-07-15T20:51:33.190Z",
"dateReserved": "2026-06-22T16:39:01.044Z",
"dateUpdated": "2026-07-16T12:53:24.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-49353 (GCVE-0-2026-49353)
Vulnerability from nvd – Published: 2026-07-15 20:49 – Updated: 2026-07-16 15:12
VLAI
EPSS
VEX
Title
9Router: Local-Only Access Gate Bypass in 9router via Host Header SpoofING
Summary
9Router is an AI router & token saver. In 0.4.45 and earlier, 9Router's src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest() to protect /api/mcp/*, /api/tunnel/*, and /api/cli-tools/*, allowing header spoofing in reverse proxy or tunnel deployments to reach MCP child process stdin paths.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/5e1c126… | x_refsource_MISC |
| https://github.com/decolua/9router/commit/bb86808… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.4.46 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-49353",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T14:49:42.771907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T15:12:31.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-6g2f-w7g3-77vf"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.4.45"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. In 0.4.45 and earlier, 9Router\u0027s src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest() to protect /api/mcp/*, /api/tunnel/*, and /api/cli-tools/*, allowing header spoofing in reverse proxy or tunnel deployments to reach MCP child process stdin paths."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T20:49:15.693Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-6g2f-w7g3-77vf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-6g2f-w7g3-77vf"
},
{
"name": "https://github.com/decolua/9router/commit/5e1c1261368e06dced1cbc650684561b2c8844db",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/5e1c1261368e06dced1cbc650684561b2c8844db"
},
{
"name": "https://github.com/decolua/9router/commit/bb86808582067e4fc6f004508a919efb9970d1d5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/bb86808582067e4fc6f004508a919efb9970d1d5"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.4.46",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.4.46"
}
],
"source": {
"advisory": "GHSA-6g2f-w7g3-77vf",
"discovery": "UNKNOWN"
},
"title": "9Router: Local-Only Access Gate Bypass in 9router via Host Header SpoofING"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-49353",
"datePublished": "2026-07-15T20:49:15.693Z",
"dateReserved": "2026-05-29T14:35:45.903Z",
"dateUpdated": "2026-07-16T15:12:31.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-49352 (GCVE-0-2026-49352)
Vulnerability from nvd – Published: 2026-07-15 20:43 – Updated: 2026-07-16 18:55
VLAI
EPSS
VEX
Title
9Router: Hardcoded Default fallback JWT Secret Allows Authentication Bypass
Summary
9Router is an AI router & token saver. From 0.2.21 until 0.4.44, 9Router used the hardcoded fallback JWT secret 9router-default-secret-change-me in src/app/api/auth/login/route.js, src/middleware.js, and later src/lib/auth/dashboardSession.js, allowing attackers to forge an auth_token cookie when JWT_SECRET was unset. This issue is fixed in version 0.4.44
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/fe3ce25… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.4.44 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-49352",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T18:55:22.519146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T18:55:46.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-jphh-m39h-6gwx"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.2.21, \u003c 0.4.44"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. From 0.2.21 until 0.4.44, 9Router used the hardcoded fallback JWT secret 9router-default-secret-change-me in src/app/api/auth/login/route.js, src/middleware.js, and later src/lib/auth/dashboardSession.js, allowing attackers to forge an auth_token cookie when JWT_SECRET was unset. This issue is fixed in version 0.4.44"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T20:43:41.168Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-jphh-m39h-6gwx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-jphh-m39h-6gwx"
},
{
"name": "https://github.com/decolua/9router/commit/fe3ce25ae3cda48c0702c2d452e17f6ec214009d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/fe3ce25ae3cda48c0702c2d452e17f6ec214009d"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.4.44",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.4.44"
}
],
"source": {
"advisory": "GHSA-jphh-m39h-6gwx",
"discovery": "UNKNOWN"
},
"title": "9Router: Hardcoded Default fallback JWT Secret Allows Authentication Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-49352",
"datePublished": "2026-07-15T20:43:41.168Z",
"dateReserved": "2026-05-29T14:35:45.903Z",
"dateUpdated": "2026-07-16T18:55:46.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46339 (GCVE-0-2026-46339)
Vulnerability from nvd – Published: 2026-07-15 20:41 – Updated: 2026-07-16 12:55
VLAI
EPSS
VEX
Title
9Router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Summary
9Router is an AI router & token saver. From 0.4.30 until 0.4.37, 9Router's src/proxy.js middleware did not protect /api/cli-tools/* and /api/mcp/*, allowing unauthenticated registration of customPlugins through src/app/api/cli-tools/cowork-settings/route.js and command execution through the MCP bridge. This vulnerability is fixed in 0.4.37.
Severity
10 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/992f4db… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46339",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T12:55:18.873125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:55:46.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqj"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.4.30, \u003c 0.4.37"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. From 0.4.30 until 0.4.37, 9Router\u0027s src/proxy.js middleware did not protect /api/cli-tools/* and /api/mcp/*, allowing unauthenticated registration of customPlugins through src/app/api/cli-tools/cowork-settings/route.js and command execution through the MCP bridge. This vulnerability is fixed in 0.4.37."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T20:41:06.937Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqj"
},
{
"name": "https://github.com/decolua/9router/commit/992f4db4a0d858bcc86b4786f2abab117a6ccdf8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/992f4db4a0d858bcc86b4786f2abab117a6ccdf8"
}
],
"source": {
"advisory": "GHSA-fhh6-4qxv-rpqj",
"discovery": "UNKNOWN"
},
"title": "9Router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-46339",
"datePublished": "2026-07-15T20:41:06.937Z",
"dateReserved": "2026-05-13T18:37:30.990Z",
"dateUpdated": "2026-07-16T12:55:46.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-62328 (GCVE-0-2026-62328)
Vulnerability from nvd – Published: 2026-07-13 21:37 – Updated: 2026-07-15 18:10 X_Open Source
VLAI
EPSS
VEX
Title
9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints
Summary
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation histories including system prompts, user messages, assistant responses, tool calls, and user email addresses by querying the request-logs and request-details API routes which lack authentication middleware.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | vendor-advisory |
| https://www.vulncheck.com/advisories/9router-unau… | third-party-advisory |
Date Public
2026-06-13 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-62328",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-15T18:10:10.070565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T18:10:21.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vjc7-jrh9-9j86"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/9router",
"product": "9Router",
"repo": "https://github.com/decolua/9router",
"vendor": "decolua",
"versions": [
{
"lessThanOrEqual": "0.4.41",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ng\u00f4 T\u1ea5n T\u00e0i (@newnol)"
}
],
"datePublic": "2026-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation histories including system prompts, user messages, assistant responses, tool calls, and user email addresses by querying the request-logs and request-details API routes which lack authentication middleware."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-359",
"description": "Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T21:37:52.094Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-vjc7-jrh9-9j86)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vjc7-jrh9-9j86"
},
{
"name": "VulnCheck Advisory: 9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/9router-unauthenticated-information-disclosure-via-api-usage-endpoints"
}
],
"tags": [
"x_open-source"
],
"title": "9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-62328",
"datePublished": "2026-07-13T21:37:52.094Z",
"dateReserved": "2026-07-13T21:36:08.380Z",
"dateUpdated": "2026-07-15T18:10:21.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-62327 (GCVE-0-2026-62327)
Vulnerability from nvd – Published: 2026-07-13 21:37 – Updated: 2026-07-14 14:30 X_Open Source
VLAI
EPSS
VEX
Title
9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats
Summary
9Router through version 0.4.41 contains an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit the missing authentication middleware on the Next.js API route to obtain full API key strings alongside token counts, cost breakdowns, and request metadata, enabling unauthorized use of connected AI provider accounts, billing fraud, and quota exhaustion.
Severity
9.1 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | vendor-advisory |
| https://www.vulncheck.com/advisories/9router-unau… | third-party-advisory |
Date Public
2026-06-13 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-62327",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T14:26:02.734466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T14:30:46.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vjc7-jrh9-9j86"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/9router",
"product": "9Router",
"repo": "https://github.com/decolua/9router",
"vendor": "decolua",
"versions": [
{
"lessThanOrEqual": "0.4.41",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ng\u00f4 T\u1ea5n T\u00e0i (@newnol)"
}
],
"datePublic": "2026-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "9Router through version 0.4.41 contains an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit the missing authentication middleware on the Next.js API route to obtain full API key strings alongside token counts, cost breakdowns, and request metadata, enabling unauthorized use of connected AI provider accounts, billing fraud, and quota exhaustion."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-522",
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:08:55.335Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-vjc7-jrh9-9j86)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vjc7-jrh9-9j86"
},
{
"name": "VulnCheck Advisory: 9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/9router-unauthenticated-api-key-exposure-via-api-usage-stats"
}
],
"tags": [
"x_open-source"
],
"title": "9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-62327",
"datePublished": "2026-07-13T21:37:51.416Z",
"dateReserved": "2026-07-13T21:36:08.380Z",
"dateUpdated": "2026-07-14T14:30:46.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-59801 (GCVE-0-2026-59801)
Vulnerability from nvd – Published: 2026-07-13 21:30 – Updated: 2026-07-14 13:00 X_Open Source
VLAI
EPSS
VEX
Title
9Router 0.4.41 - Unauthenticated API Exposure via /api/providers
Summary
9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credentials due to missing authentication middleware in the Next.js API routes under src/app/api/providers/*. Attackers can enumerate, create, modify, or delete provider connections to expose partial credentials, OAuth tokens, and API keys, redirect AI traffic to attacker-controlled servers, or cause complete denial of service by deleting all provider connections.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | vendor-advisory |
| https://www.vulncheck.com/advisories/9router-unau… | third-party-advisory |
Date Public
2026-06-13 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59801",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T12:59:57.511776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T13:00:25.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vjc7-jrh9-9j86"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/9router",
"product": "9Router",
"repo": "https://github.com/decolua/9router",
"vendor": "decolua",
"versions": [
{
"lessThanOrEqual": "0.4.41",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ng\u00f4 T\u1ea5n T\u00e0i (@newnol)"
}
],
"datePublic": "2026-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credentials due to missing authentication middleware in the Next.js API routes under src/app/api/providers/*. Attackers can enumerate, create, modify, or delete provider connections to expose partial credentials, OAuth tokens, and API keys, redirect AI traffic to attacker-controlled servers, or cause complete denial of service by deleting all provider connections."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T21:30:07.257Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-vjc7-jrh9-9j86)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vjc7-jrh9-9j86"
},
{
"name": "VulnCheck Advisory: 9Router 0.4.41 - Unauthenticated API Exposure via /api/providers",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/9router-unauthenticated-api-exposure-via-api-providers"
}
],
"tags": [
"x_open-source"
],
"title": "9Router 0.4.41 - Unauthenticated API Exposure via /api/providers",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-59801",
"datePublished": "2026-07-13T21:30:07.257Z",
"dateReserved": "2026-07-07T14:39:14.062Z",
"dateUpdated": "2026-07-14T13:00:25.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56675 (GCVE-0-2026-56675)
Vulnerability from nvd – Published: 2026-07-10 15:39 – Updated: 2026-07-10 16:55
VLAI
EPSS
VEX
Title
9router: Reverse proxy locality collapse allows unauthenticated access to 9router /v1 APIs
Summary
9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as local. A remote unauthenticated attacker can access /v1 APIs such as /v1/models and may abuse configured upstream provider credentials through /v1 proxy endpoints depending on enabled providers. This issue is fixed in version 0.5.2.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/da66783… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.5.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T16:54:55.352353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T16:55:03.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as local. A remote unauthenticated attacker can access /v1 APIs such as /v1/models and may abuse configured upstream provider credentials through /v1 proxy endpoints depending on enabled providers. This issue is fixed in version 0.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T15:39:47.530Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-x5c9-v98j-722r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-x5c9-v98j-722r"
},
{
"name": "https://github.com/decolua/9router/commit/da667836cc7584bea0edd893de1d590c9ea279dc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/da667836cc7584bea0edd893de1d590c9ea279dc"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.5.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.5.2"
}
],
"source": {
"advisory": "GHSA-x5c9-v98j-722r",
"discovery": "UNKNOWN"
},
"title": "9router: Reverse proxy locality collapse allows unauthenticated access to 9router /v1 APIs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-56675",
"datePublished": "2026-07-10T15:39:23.282Z",
"dateReserved": "2026-06-22T16:39:01.044Z",
"dateUpdated": "2026-07-10T16:55:03.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55641 (GCVE-0-2026-55641)
Vulnerability from nvd – Published: 2026-07-10 15:36 – Updated: 2026-07-10 19:06
VLAI
EPSS
VEX
Title
9router: Unauthenticated `/v1` proxy access via `Host`-header spoofing → open AI relay + SSRF
Summary
9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this exposes the /v1 proxy to upstream provider calls using stored provider credentials and allows /v1/search with the searxng provider_options.baseUrl parameter to drive server-side requests to internal or cloud-metadata hosts. This issue is fixed in version 0.5.2.
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/b282f05… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.5.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55641",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T19:06:04.625545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T19:06:14.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-86m2-fcxq-5q7c"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this exposes the /v1 proxy to upstream provider calls using stored provider credentials and allows /v1/search with the searxng provider_options.baseUrl parameter to drive server-side requests to internal or cloud-metadata hosts. This issue is fixed in version 0.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-348",
"description": "CWE-348: Use of Less Trusted Source",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1327",
"description": "CWE-1327: Binding to an Unrestricted IP Address",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T15:36:05.964Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-86m2-fcxq-5q7c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-86m2-fcxq-5q7c"
},
{
"name": "https://github.com/decolua/9router/commit/b282f0554972ea35281520738759d76abcd0b0b3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/b282f0554972ea35281520738759d76abcd0b0b3"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.5.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.5.2"
}
],
"source": {
"advisory": "GHSA-86m2-fcxq-5q7c",
"discovery": "UNKNOWN"
},
"title": "9router: Unauthenticated `/v1` proxy access via `Host`-header spoofing \u2192 open AI relay + SSRF"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-55641",
"datePublished": "2026-07-10T15:36:05.964Z",
"dateReserved": "2026-06-16T23:52:12.057Z",
"dateUpdated": "2026-07-10T19:06:14.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55638 (GCVE-0-2026-55638)
Vulnerability from nvd – Published: 2026-07-10 15:38 – Updated: 2026-07-10 16:46
VLAI
EPSS
VEX
Title
9router: Unauthenticated LLM proxy access via /codex rewrite authorization bypass
Summary
9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/* to bypass the API-key gate and cause the server to make upstream provider calls using operator-stored LLM provider credentials. This issue is fixed in version 0.5.2.
Severity
8.6 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/b282f05… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.5.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55638",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T16:45:56.907696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T16:46:33.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-8gmq-j984-vp4r"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/* to bypass the API-key gate and cause the server to make upstream provider calls using operator-stored LLM provider credentials. This issue is fixed in version 0.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T15:38:21.922Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-8gmq-j984-vp4r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-8gmq-j984-vp4r"
},
{
"name": "https://github.com/decolua/9router/commit/b282f0554972ea35281520738759d76abcd0b0b3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/b282f0554972ea35281520738759d76abcd0b0b3"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.5.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.5.2"
}
],
"source": {
"advisory": "GHSA-8gmq-j984-vp4r",
"discovery": "UNKNOWN"
},
"title": "9router: Unauthenticated LLM proxy access via /codex rewrite authorization bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-55638",
"datePublished": "2026-07-10T15:38:21.922Z",
"dateReserved": "2026-06-16T23:52:12.057Z",
"dateUpdated": "2026-07-10T16:46:33.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56676 (GCVE-0-2026-56676)
Vulnerability from nvd – Published: 2026-07-10 15:30 – Updated: 2026-07-13 18:11
VLAI
EPSS
VEX
Title
9router: Image prefetch DNS rebinding allows SSRF to internal services
Summary
9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy can use a vision-capable model and an attacker-controlled DNS name that first resolves to a public IP and then rebinds to an internal address, allowing server-side requests to internal-only HTTP services. This issue is fixed in version 0.5.2.
Severity
7.4 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/c7d0744… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.5.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56676",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T18:11:05.854652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T18:11:54.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-cmhj-wh2f-9cgx"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy can use a vision-capable model and an attacker-controlled DNS name that first resolves to a public IP and then rebinds to an internal address, allowing server-side requests to internal-only HTTP services. This issue is fixed in version 0.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T15:30:49.514Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-cmhj-wh2f-9cgx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-cmhj-wh2f-9cgx"
},
{
"name": "https://github.com/decolua/9router/commit/c7d07448c58bec1200741de0b73305b860416b82",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/c7d07448c58bec1200741de0b73305b860416b82"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.5.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.5.2"
}
],
"source": {
"advisory": "GHSA-cmhj-wh2f-9cgx",
"discovery": "UNKNOWN"
},
"title": "9router: Image prefetch DNS rebinding allows SSRF to internal services"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-56676",
"datePublished": "2026-07-10T15:30:49.514Z",
"dateReserved": "2026-06-22T16:39:01.044Z",
"dateUpdated": "2026-07-13T18:11:54.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55501 (GCVE-0-2026-55501)
Vulnerability from nvd – Published: 2026-07-10 15:23 – Updated: 2026-07-10 16:45
VLAI
EPSS
VEX
Title
9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
Summary
9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail. A remote attacker can rotate the X-Forwarded-For value on each login attempt to receive a fresh rate-limit bucket, bypass the 5-attempt threshold and progressive lockout durations, and perform unlimited brute-force attempts against the dashboard password. This issue is fixed in version 0.4.80.
Severity
7.3 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/7648c34… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.4.80 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55501",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T16:44:55.006800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T16:45:23.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-7cfm-pqrj-xgq7"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail. A remote attacker can rotate the X-Forwarded-For value on each login attempt to receive a fresh rate-limit bucket, bypass the 5-attempt threshold and progressive lockout durations, and perform unlimited brute-force attempts against the dashboard password. This issue is fixed in version 0.4.80."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T15:25:50.086Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-7cfm-pqrj-xgq7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-7cfm-pqrj-xgq7"
},
{
"name": "https://github.com/decolua/9router/commit/7648c3412b403a29f04967c4b4e9725e228791d4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/7648c3412b403a29f04967c4b4e9725e228791d4"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.4.80",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.4.80"
}
],
"source": {
"advisory": "GHSA-7cfm-pqrj-xgq7",
"discovery": "UNKNOWN"
},
"title": "9router: Login brute-force protection bypass via spoofed X-Forwarded-For header"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-55501",
"datePublished": "2026-07-10T15:23:53.709Z",
"dateReserved": "2026-06-16T22:28:27.063Z",
"dateUpdated": "2026-07-10T16:45:23.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55500 (GCVE-0-2026-55500)
Vulnerability from nvd – Published: 2026-07-10 15:28 – Updated: 2026-07-10 15:41
VLAI
EPSS
VEX
Title
9router: Exposure of Sensitive Information and Unprotected Database Import/Export Allows Complete Credential Theft and Database Takeover
Summary
9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the ALWAYS_PROTECTED middleware check, which only validates JWT or CLI token. This issue is fixed in version 0.4.80.
Severity
9.9 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/0c7c9de… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.4.80 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55500",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T15:39:22.455445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T15:41:31.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-qvfm-67h2-2qfx"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the ALWAYS_PROTECTED middleware check, which only validates JWT or CLI token. This issue is fixed in version 0.4.80."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T15:31:16.352Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-qvfm-67h2-2qfx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-qvfm-67h2-2qfx"
},
{
"name": "https://github.com/decolua/9router/commit/0c7c9de00ae3ab81d6580e3cc368483c4c03f6fd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/0c7c9de00ae3ab81d6580e3cc368483c4c03f6fd"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.4.80",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.4.80"
}
],
"source": {
"advisory": "GHSA-qvfm-67h2-2qfx",
"discovery": "UNKNOWN"
},
"title": "9router: Exposure of Sensitive Information and Unprotected Database Import/Export Allows Complete Credential Theft and Database Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-55500",
"datePublished": "2026-07-10T15:28:27.620Z",
"dateReserved": "2026-06-16T22:28:27.062Z",
"dateUpdated": "2026-07-10T15:41:31.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-62312 (GCVE-0-2026-62312)
Vulnerability from cvelistv5 – Published: 2026-07-15 20:53 – Updated: 2026-07-16 18:51
VLAI
EPSS
VEX
Title
9Router: Authenticated RCE via Unvalidated MCP Plugin Arguments
Summary
9Router is an AI router & token saver. Prior to 0.5.2, 9Router allows a remote authenticated attacker to achieve arbitrary code execution on the host operating system by combining a Host header bypass of localhost-only routes with unvalidated MCP plugin args passed to child_process.spawn(), allowing malicious custom plugins to execute commands through /api/mcp//sse. This issue is fixed in version 0.5.2.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/da66783… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.5.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-62312",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T18:51:17.611560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T18:51:28.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-63p9-g54h-prrp"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.5.2, 9Router allows a remote authenticated attacker to achieve arbitrary code execution on the host operating system by combining a Host header bypass of localhost-only routes with unvalidated MCP plugin args passed to child_process.spawn(), allowing malicious custom plugins to execute commands through /api/mcp//sse. This issue is fixed in version 0.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T20:53:18.302Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-63p9-g54h-prrp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-63p9-g54h-prrp"
},
{
"name": "https://github.com/decolua/9router/commit/da667836cc7584bea0edd893de1d590c9ea279dc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/da667836cc7584bea0edd893de1d590c9ea279dc"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.5.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.5.2"
}
],
"source": {
"advisory": "GHSA-63p9-g54h-prrp",
"discovery": "UNKNOWN"
},
"title": "9Router: Authenticated RCE via Unvalidated MCP Plugin Arguments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-62312",
"datePublished": "2026-07-15T20:53:18.302Z",
"dateReserved": "2026-07-13T19:27:58.314Z",
"dateUpdated": "2026-07-16T18:51:28.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56678 (GCVE-0-2026-56678)
Vulnerability from cvelistv5 – Published: 2026-07-15 20:51 – Updated: 2026-07-16 12:53
VLAI
EPSS
VEX
Title
9Router: Kiro region injection allows authenticated SSRF with Authorization header forwarding
Summary
9Router is an AI router & token saver. Prior to 0.5.6, the Kiro API-key validation endpoint POST /api/oauth/kiro/api-key builds an upstream URL using a user-controlled region value, allowing an authenticated attacker to supply a crafted region such as kiro-canary.local:8443# and cause 9Router to send the Kiro validation request to an attacker-controlled host while forwarding the submitted Kiro API key as an Authorization header. This issue is fixed in version 0.5.6.
Severity
6.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/126aa24… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.5.6 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56678",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T12:53:08.213328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:53:24.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-6mwv-4mrm-5p3m"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.5.6, the Kiro API-key validation endpoint POST /api/oauth/kiro/api-key builds an upstream URL using a user-controlled region value, allowing an authenticated attacker to supply a crafted region such as kiro-canary.local:8443# and cause 9Router to send the Kiro validation request to an attacker-controlled host while forwarding the submitted Kiro API key as an Authorization header. This issue is fixed in version 0.5.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T20:51:33.190Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-6mwv-4mrm-5p3m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-6mwv-4mrm-5p3m"
},
{
"name": "https://github.com/decolua/9router/commit/126aa244c5b51b74ab8c7594e3418fcf4437bf6f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/126aa244c5b51b74ab8c7594e3418fcf4437bf6f"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.5.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.5.6"
}
],
"source": {
"advisory": "GHSA-6mwv-4mrm-5p3m",
"discovery": "UNKNOWN"
},
"title": "9Router: Kiro region injection allows authenticated SSRF with Authorization header forwarding"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-56678",
"datePublished": "2026-07-15T20:51:33.190Z",
"dateReserved": "2026-06-22T16:39:01.044Z",
"dateUpdated": "2026-07-16T12:53:24.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56679 (GCVE-0-2026-56679)
Vulnerability from cvelistv5 – Published: 2026-07-15 20:50 – Updated: 2026-07-16 13:00
VLAI
EPSS
VEX
Title
9Router: Mass assignment in PATCH /api/settings allows authenticated authorization downgrade
Summary
9Router is an AI router & token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body to persistent settings without a field whitelist, allowing an authenticated user to set security-critical fields such as requireLogin and disable authentication for the whole application, exposing protected routes such as /api/keys and /api/providers to unauthenticated access. This issue is reported as fixed in version 0.5.4.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56679",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T13:00:02.844824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T13:00:42.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vmjq-hvgq-2wv4"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body to persistent settings without a field whitelist, allowing an authenticated user to set security-critical fields such as requireLogin and disable authentication for the whole application, exposing protected routes such as /api/keys and /api/providers to unauthenticated access. This issue is reported as fixed in version 0.5.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T20:50:30.458Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-vmjq-hvgq-2wv4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vmjq-hvgq-2wv4"
}
],
"source": {
"advisory": "GHSA-vmjq-hvgq-2wv4",
"discovery": "UNKNOWN"
},
"title": "9Router: Mass assignment in PATCH /api/settings allows authenticated authorization downgrade"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-56679",
"datePublished": "2026-07-15T20:50:30.458Z",
"dateReserved": "2026-06-22T16:39:01.044Z",
"dateUpdated": "2026-07-16T13:00:42.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-49353 (GCVE-0-2026-49353)
Vulnerability from cvelistv5 – Published: 2026-07-15 20:49 – Updated: 2026-07-16 15:12
VLAI
EPSS
VEX
Title
9Router: Local-Only Access Gate Bypass in 9router via Host Header SpoofING
Summary
9Router is an AI router & token saver. In 0.4.45 and earlier, 9Router's src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest() to protect /api/mcp/*, /api/tunnel/*, and /api/cli-tools/*, allowing header spoofing in reverse proxy or tunnel deployments to reach MCP child process stdin paths.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/5e1c126… | x_refsource_MISC |
| https://github.com/decolua/9router/commit/bb86808… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.4.46 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-49353",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T14:49:42.771907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T15:12:31.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-6g2f-w7g3-77vf"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.4.45"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. In 0.4.45 and earlier, 9Router\u0027s src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest() to protect /api/mcp/*, /api/tunnel/*, and /api/cli-tools/*, allowing header spoofing in reverse proxy or tunnel deployments to reach MCP child process stdin paths."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T20:49:15.693Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-6g2f-w7g3-77vf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-6g2f-w7g3-77vf"
},
{
"name": "https://github.com/decolua/9router/commit/5e1c1261368e06dced1cbc650684561b2c8844db",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/5e1c1261368e06dced1cbc650684561b2c8844db"
},
{
"name": "https://github.com/decolua/9router/commit/bb86808582067e4fc6f004508a919efb9970d1d5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/bb86808582067e4fc6f004508a919efb9970d1d5"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.4.46",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.4.46"
}
],
"source": {
"advisory": "GHSA-6g2f-w7g3-77vf",
"discovery": "UNKNOWN"
},
"title": "9Router: Local-Only Access Gate Bypass in 9router via Host Header SpoofING"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-49353",
"datePublished": "2026-07-15T20:49:15.693Z",
"dateReserved": "2026-05-29T14:35:45.903Z",
"dateUpdated": "2026-07-16T15:12:31.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-49352 (GCVE-0-2026-49352)
Vulnerability from cvelistv5 – Published: 2026-07-15 20:43 – Updated: 2026-07-16 18:55
VLAI
EPSS
VEX
Title
9Router: Hardcoded Default fallback JWT Secret Allows Authentication Bypass
Summary
9Router is an AI router & token saver. From 0.2.21 until 0.4.44, 9Router used the hardcoded fallback JWT secret 9router-default-secret-change-me in src/app/api/auth/login/route.js, src/middleware.js, and later src/lib/auth/dashboardSession.js, allowing attackers to forge an auth_token cookie when JWT_SECRET was unset. This issue is fixed in version 0.4.44
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/fe3ce25… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.4.44 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-49352",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T18:55:22.519146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T18:55:46.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-jphh-m39h-6gwx"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.2.21, \u003c 0.4.44"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. From 0.2.21 until 0.4.44, 9Router used the hardcoded fallback JWT secret 9router-default-secret-change-me in src/app/api/auth/login/route.js, src/middleware.js, and later src/lib/auth/dashboardSession.js, allowing attackers to forge an auth_token cookie when JWT_SECRET was unset. This issue is fixed in version 0.4.44"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T20:43:41.168Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-jphh-m39h-6gwx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-jphh-m39h-6gwx"
},
{
"name": "https://github.com/decolua/9router/commit/fe3ce25ae3cda48c0702c2d452e17f6ec214009d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/fe3ce25ae3cda48c0702c2d452e17f6ec214009d"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.4.44",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.4.44"
}
],
"source": {
"advisory": "GHSA-jphh-m39h-6gwx",
"discovery": "UNKNOWN"
},
"title": "9Router: Hardcoded Default fallback JWT Secret Allows Authentication Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-49352",
"datePublished": "2026-07-15T20:43:41.168Z",
"dateReserved": "2026-05-29T14:35:45.903Z",
"dateUpdated": "2026-07-16T18:55:46.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46339 (GCVE-0-2026-46339)
Vulnerability from cvelistv5 – Published: 2026-07-15 20:41 – Updated: 2026-07-16 12:55
VLAI
EPSS
VEX
Title
9Router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Summary
9Router is an AI router & token saver. From 0.4.30 until 0.4.37, 9Router's src/proxy.js middleware did not protect /api/cli-tools/* and /api/mcp/*, allowing unauthenticated registration of customPlugins through src/app/api/cli-tools/cowork-settings/route.js and command execution through the MCP bridge. This vulnerability is fixed in 0.4.37.
Severity
10 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/992f4db… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46339",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T12:55:18.873125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:55:46.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqj"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.4.30, \u003c 0.4.37"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. From 0.4.30 until 0.4.37, 9Router\u0027s src/proxy.js middleware did not protect /api/cli-tools/* and /api/mcp/*, allowing unauthenticated registration of customPlugins through src/app/api/cli-tools/cowork-settings/route.js and command execution through the MCP bridge. This vulnerability is fixed in 0.4.37."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T20:41:06.937Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqj"
},
{
"name": "https://github.com/decolua/9router/commit/992f4db4a0d858bcc86b4786f2abab117a6ccdf8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/992f4db4a0d858bcc86b4786f2abab117a6ccdf8"
}
],
"source": {
"advisory": "GHSA-fhh6-4qxv-rpqj",
"discovery": "UNKNOWN"
},
"title": "9Router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-46339",
"datePublished": "2026-07-15T20:41:06.937Z",
"dateReserved": "2026-05-13T18:37:30.990Z",
"dateUpdated": "2026-07-16T12:55:46.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-62328 (GCVE-0-2026-62328)
Vulnerability from cvelistv5 – Published: 2026-07-13 21:37 – Updated: 2026-07-15 18:10 X_Open Source
VLAI
EPSS
VEX
Title
9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints
Summary
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation histories including system prompts, user messages, assistant responses, tool calls, and user email addresses by querying the request-logs and request-details API routes which lack authentication middleware.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | vendor-advisory |
| https://www.vulncheck.com/advisories/9router-unau… | third-party-advisory |
Date Public
2026-06-13 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-62328",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-15T18:10:10.070565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T18:10:21.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vjc7-jrh9-9j86"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/9router",
"product": "9Router",
"repo": "https://github.com/decolua/9router",
"vendor": "decolua",
"versions": [
{
"lessThanOrEqual": "0.4.41",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ng\u00f4 T\u1ea5n T\u00e0i (@newnol)"
}
],
"datePublic": "2026-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation histories including system prompts, user messages, assistant responses, tool calls, and user email addresses by querying the request-logs and request-details API routes which lack authentication middleware."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-359",
"description": "Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T21:37:52.094Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-vjc7-jrh9-9j86)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vjc7-jrh9-9j86"
},
{
"name": "VulnCheck Advisory: 9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/9router-unauthenticated-information-disclosure-via-api-usage-endpoints"
}
],
"tags": [
"x_open-source"
],
"title": "9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-62328",
"datePublished": "2026-07-13T21:37:52.094Z",
"dateReserved": "2026-07-13T21:36:08.380Z",
"dateUpdated": "2026-07-15T18:10:21.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-62327 (GCVE-0-2026-62327)
Vulnerability from cvelistv5 – Published: 2026-07-13 21:37 – Updated: 2026-07-14 14:30 X_Open Source
VLAI
EPSS
VEX
Title
9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats
Summary
9Router through version 0.4.41 contains an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit the missing authentication middleware on the Next.js API route to obtain full API key strings alongside token counts, cost breakdowns, and request metadata, enabling unauthorized use of connected AI provider accounts, billing fraud, and quota exhaustion.
Severity
9.1 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | vendor-advisory |
| https://www.vulncheck.com/advisories/9router-unau… | third-party-advisory |
Date Public
2026-06-13 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-62327",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T14:26:02.734466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T14:30:46.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vjc7-jrh9-9j86"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/9router",
"product": "9Router",
"repo": "https://github.com/decolua/9router",
"vendor": "decolua",
"versions": [
{
"lessThanOrEqual": "0.4.41",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ng\u00f4 T\u1ea5n T\u00e0i (@newnol)"
}
],
"datePublic": "2026-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "9Router through version 0.4.41 contains an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit the missing authentication middleware on the Next.js API route to obtain full API key strings alongside token counts, cost breakdowns, and request metadata, enabling unauthorized use of connected AI provider accounts, billing fraud, and quota exhaustion."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-522",
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:08:55.335Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-vjc7-jrh9-9j86)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vjc7-jrh9-9j86"
},
{
"name": "VulnCheck Advisory: 9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/9router-unauthenticated-api-key-exposure-via-api-usage-stats"
}
],
"tags": [
"x_open-source"
],
"title": "9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-62327",
"datePublished": "2026-07-13T21:37:51.416Z",
"dateReserved": "2026-07-13T21:36:08.380Z",
"dateUpdated": "2026-07-14T14:30:46.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-59801 (GCVE-0-2026-59801)
Vulnerability from cvelistv5 – Published: 2026-07-13 21:30 – Updated: 2026-07-14 13:00 X_Open Source
VLAI
EPSS
VEX
Title
9Router 0.4.41 - Unauthenticated API Exposure via /api/providers
Summary
9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credentials due to missing authentication middleware in the Next.js API routes under src/app/api/providers/*. Attackers can enumerate, create, modify, or delete provider connections to expose partial credentials, OAuth tokens, and API keys, redirect AI traffic to attacker-controlled servers, or cause complete denial of service by deleting all provider connections.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | vendor-advisory |
| https://www.vulncheck.com/advisories/9router-unau… | third-party-advisory |
Date Public
2026-06-13 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59801",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T12:59:57.511776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T13:00:25.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vjc7-jrh9-9j86"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/9router",
"product": "9Router",
"repo": "https://github.com/decolua/9router",
"vendor": "decolua",
"versions": [
{
"lessThanOrEqual": "0.4.41",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ng\u00f4 T\u1ea5n T\u00e0i (@newnol)"
}
],
"datePublic": "2026-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credentials due to missing authentication middleware in the Next.js API routes under src/app/api/providers/*. Attackers can enumerate, create, modify, or delete provider connections to expose partial credentials, OAuth tokens, and API keys, redirect AI traffic to attacker-controlled servers, or cause complete denial of service by deleting all provider connections."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T21:30:07.257Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-vjc7-jrh9-9j86)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-vjc7-jrh9-9j86"
},
{
"name": "VulnCheck Advisory: 9Router 0.4.41 - Unauthenticated API Exposure via /api/providers",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/9router-unauthenticated-api-exposure-via-api-providers"
}
],
"tags": [
"x_open-source"
],
"title": "9Router 0.4.41 - Unauthenticated API Exposure via /api/providers",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-59801",
"datePublished": "2026-07-13T21:30:07.257Z",
"dateReserved": "2026-07-07T14:39:14.062Z",
"dateUpdated": "2026-07-14T13:00:25.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56675 (GCVE-0-2026-56675)
Vulnerability from cvelistv5 – Published: 2026-07-10 15:39 – Updated: 2026-07-10 16:55
VLAI
EPSS
VEX
Title
9router: Reverse proxy locality collapse allows unauthenticated access to 9router /v1 APIs
Summary
9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as local. A remote unauthenticated attacker can access /v1 APIs such as /v1/models and may abuse configured upstream provider credentials through /v1 proxy endpoints depending on enabled providers. This issue is fixed in version 0.5.2.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/da66783… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.5.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T16:54:55.352353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T16:55:03.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as local. A remote unauthenticated attacker can access /v1 APIs such as /v1/models and may abuse configured upstream provider credentials through /v1 proxy endpoints depending on enabled providers. This issue is fixed in version 0.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T15:39:47.530Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-x5c9-v98j-722r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-x5c9-v98j-722r"
},
{
"name": "https://github.com/decolua/9router/commit/da667836cc7584bea0edd893de1d590c9ea279dc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/da667836cc7584bea0edd893de1d590c9ea279dc"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.5.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.5.2"
}
],
"source": {
"advisory": "GHSA-x5c9-v98j-722r",
"discovery": "UNKNOWN"
},
"title": "9router: Reverse proxy locality collapse allows unauthenticated access to 9router /v1 APIs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-56675",
"datePublished": "2026-07-10T15:39:23.282Z",
"dateReserved": "2026-06-22T16:39:01.044Z",
"dateUpdated": "2026-07-10T16:55:03.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55638 (GCVE-0-2026-55638)
Vulnerability from cvelistv5 – Published: 2026-07-10 15:38 – Updated: 2026-07-10 16:46
VLAI
EPSS
VEX
Title
9router: Unauthenticated LLM proxy access via /codex rewrite authorization bypass
Summary
9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/* to bypass the API-key gate and cause the server to make upstream provider calls using operator-stored LLM provider credentials. This issue is fixed in version 0.5.2.
Severity
8.6 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/b282f05… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.5.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55638",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T16:45:56.907696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T16:46:33.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-8gmq-j984-vp4r"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/* to bypass the API-key gate and cause the server to make upstream provider calls using operator-stored LLM provider credentials. This issue is fixed in version 0.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T15:38:21.922Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-8gmq-j984-vp4r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-8gmq-j984-vp4r"
},
{
"name": "https://github.com/decolua/9router/commit/b282f0554972ea35281520738759d76abcd0b0b3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/b282f0554972ea35281520738759d76abcd0b0b3"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.5.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.5.2"
}
],
"source": {
"advisory": "GHSA-8gmq-j984-vp4r",
"discovery": "UNKNOWN"
},
"title": "9router: Unauthenticated LLM proxy access via /codex rewrite authorization bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-55638",
"datePublished": "2026-07-10T15:38:21.922Z",
"dateReserved": "2026-06-16T23:52:12.057Z",
"dateUpdated": "2026-07-10T16:46:33.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55641 (GCVE-0-2026-55641)
Vulnerability from cvelistv5 – Published: 2026-07-10 15:36 – Updated: 2026-07-10 19:06
VLAI
EPSS
VEX
Title
9router: Unauthenticated `/v1` proxy access via `Host`-header spoofing → open AI relay + SSRF
Summary
9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this exposes the /v1 proxy to upstream provider calls using stored provider credentials and allows /v1/search with the searxng provider_options.baseUrl parameter to drive server-side requests to internal or cloud-metadata hosts. This issue is fixed in version 0.5.2.
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/b282f05… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.5.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55641",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T19:06:04.625545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T19:06:14.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-86m2-fcxq-5q7c"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this exposes the /v1 proxy to upstream provider calls using stored provider credentials and allows /v1/search with the searxng provider_options.baseUrl parameter to drive server-side requests to internal or cloud-metadata hosts. This issue is fixed in version 0.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-348",
"description": "CWE-348: Use of Less Trusted Source",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1327",
"description": "CWE-1327: Binding to an Unrestricted IP Address",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T15:36:05.964Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-86m2-fcxq-5q7c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-86m2-fcxq-5q7c"
},
{
"name": "https://github.com/decolua/9router/commit/b282f0554972ea35281520738759d76abcd0b0b3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/b282f0554972ea35281520738759d76abcd0b0b3"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.5.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.5.2"
}
],
"source": {
"advisory": "GHSA-86m2-fcxq-5q7c",
"discovery": "UNKNOWN"
},
"title": "9router: Unauthenticated `/v1` proxy access via `Host`-header spoofing \u2192 open AI relay + SSRF"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-55641",
"datePublished": "2026-07-10T15:36:05.964Z",
"dateReserved": "2026-06-16T23:52:12.057Z",
"dateUpdated": "2026-07-10T19:06:14.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56676 (GCVE-0-2026-56676)
Vulnerability from cvelistv5 – Published: 2026-07-10 15:30 – Updated: 2026-07-13 18:11
VLAI
EPSS
VEX
Title
9router: Image prefetch DNS rebinding allows SSRF to internal services
Summary
9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy can use a vision-capable model and an attacker-controlled DNS name that first resolves to a public IP and then rebinds to an internal address, allowing server-side requests to internal-only HTTP services. This issue is fixed in version 0.5.2.
Severity
7.4 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/c7d0744… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.5.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56676",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T18:11:05.854652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T18:11:54.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-cmhj-wh2f-9cgx"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy can use a vision-capable model and an attacker-controlled DNS name that first resolves to a public IP and then rebinds to an internal address, allowing server-side requests to internal-only HTTP services. This issue is fixed in version 0.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T15:30:49.514Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-cmhj-wh2f-9cgx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-cmhj-wh2f-9cgx"
},
{
"name": "https://github.com/decolua/9router/commit/c7d07448c58bec1200741de0b73305b860416b82",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/c7d07448c58bec1200741de0b73305b860416b82"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.5.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.5.2"
}
],
"source": {
"advisory": "GHSA-cmhj-wh2f-9cgx",
"discovery": "UNKNOWN"
},
"title": "9router: Image prefetch DNS rebinding allows SSRF to internal services"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-56676",
"datePublished": "2026-07-10T15:30:49.514Z",
"dateReserved": "2026-06-22T16:39:01.044Z",
"dateUpdated": "2026-07-13T18:11:54.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55500 (GCVE-0-2026-55500)
Vulnerability from cvelistv5 – Published: 2026-07-10 15:28 – Updated: 2026-07-10 15:41
VLAI
EPSS
VEX
Title
9router: Exposure of Sensitive Information and Unprotected Database Import/Export Allows Complete Credential Theft and Database Takeover
Summary
9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the ALWAYS_PROTECTED middleware check, which only validates JWT or CLI token. This issue is fixed in version 0.4.80.
Severity
9.9 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/0c7c9de… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.4.80 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55500",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T15:39:22.455445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T15:41:31.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-qvfm-67h2-2qfx"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the ALWAYS_PROTECTED middleware check, which only validates JWT or CLI token. This issue is fixed in version 0.4.80."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T15:31:16.352Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-qvfm-67h2-2qfx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-qvfm-67h2-2qfx"
},
{
"name": "https://github.com/decolua/9router/commit/0c7c9de00ae3ab81d6580e3cc368483c4c03f6fd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/0c7c9de00ae3ab81d6580e3cc368483c4c03f6fd"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.4.80",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.4.80"
}
],
"source": {
"advisory": "GHSA-qvfm-67h2-2qfx",
"discovery": "UNKNOWN"
},
"title": "9router: Exposure of Sensitive Information and Unprotected Database Import/Export Allows Complete Credential Theft and Database Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-55500",
"datePublished": "2026-07-10T15:28:27.620Z",
"dateReserved": "2026-06-16T22:28:27.062Z",
"dateUpdated": "2026-07-10T15:41:31.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55501 (GCVE-0-2026-55501)
Vulnerability from cvelistv5 – Published: 2026-07-10 15:23 – Updated: 2026-07-10 16:45
VLAI
EPSS
VEX
Title
9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
Summary
9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail. A remote attacker can rotate the X-Forwarded-For value on each login attempt to receive a fresh rate-limit bucket, bypass the 5-attempt threshold and progressive lockout durations, and perform unlimited brute-force attempts against the dashboard password. This issue is fixed in version 0.4.80.
Severity
7.3 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/decolua/9router/security/advis… | x_refsource_CONFIRM |
| https://github.com/decolua/9router/commit/7648c34… | x_refsource_MISC |
| https://github.com/decolua/9router/releases/tag/v0.4.80 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55501",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T16:44:55.006800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T16:45:23.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-7cfm-pqrj-xgq7"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "9router",
"vendor": "decolua",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "9Router is an AI router \u0026 token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail. A remote attacker can rotate the X-Forwarded-For value on each login attempt to receive a fresh rate-limit bucket, bypass the 5-attempt threshold and progressive lockout durations, and perform unlimited brute-force attempts against the dashboard password. This issue is fixed in version 0.4.80."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T15:25:50.086Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/decolua/9router/security/advisories/GHSA-7cfm-pqrj-xgq7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/decolua/9router/security/advisories/GHSA-7cfm-pqrj-xgq7"
},
{
"name": "https://github.com/decolua/9router/commit/7648c3412b403a29f04967c4b4e9725e228791d4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/commit/7648c3412b403a29f04967c4b4e9725e228791d4"
},
{
"name": "https://github.com/decolua/9router/releases/tag/v0.4.80",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/decolua/9router/releases/tag/v0.4.80"
}
],
"source": {
"advisory": "GHSA-7cfm-pqrj-xgq7",
"discovery": "UNKNOWN"
},
"title": "9router: Login brute-force protection bypass via spoofed X-Forwarded-For header"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-55501",
"datePublished": "2026-07-10T15:23:53.709Z",
"dateReserved": "2026-06-16T22:28:27.063Z",
"dateUpdated": "2026-07-10T16:45:23.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}