25 matches found
CVE-2026-56675
9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/ access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as...
CVE-2026-55638
9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/ to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/ to bypass the API-k...
CVE-2026-56675
9router prior to version 0.5.2 validates loopback requests as trusted, allowing unauthenticated access to /v1/* endpoints when a reverse proxy on localhost (127.0.0.1) forwards traffic. A remote attacker could reach /v1 APIs (e.g., /v1/models) without an API key, potentially abusing configured up...
CVE-2026-55638 9router: Unauthenticated LLM proxy access via /codex rewrite authorization bypass
9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/ to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/ to bypass the API-k...
CVE-2026-55500
CVE-2026-55500 (9router) exposes a critical flaw in the /api/settings/database endpoint. The GET export returns the entire database, including plaintext API keys, OAuth tokens, and provider credentials, while POST can wipe-and-replace the database with attacker-controlled data. This bypasses auth...
CVE-2026-55501 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail...
CVE-2026-59800
9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...
NPM: 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
NPM: 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header vulnerability discovered by ? in WordPress Npm 9router versions = 0.4.71...
Incorrect Authorization
Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Incorrect Authorization via the /api/settings/database endpoint, which allows exporting the entire database including plaintext API keys, OAuth tokens, and sensitive settings, a...
9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
The 9router dashboard login rate limiter derives the client identity from the attacker-controlled X-Forwarded-For HTTP header. When 9router is directly exposed, or deployed behind a reverse proxy that does not overwrite untrusted forwarding headers, a remote attacker can rotate the X-Forwarded-Fo...
Missing Authorization
Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Missing Authorization via the POST /api/tunnel/tailscale-install route handler, which accepts a JSON body containing a sudoPassword field and pipes it, along with the contents o...
NPM: 9router: Missing Authorization and OS Command Injection
NPM: 9router: Missing Authorization and OS Command Injection vulnerability discovered by ? in WordPress Npm 9router versions 0.4.44...
CVE-2026-10269
A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...
CVE-2026-10269
A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...
CVE-2026-10269 decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization
A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...
9Router 授权问题漏洞
9Router is an intelligent routing and authorization AI model proxy tool developed by decolua’s individual developers. Versions of 9Router prior to 0.4.0 contained an authorization vulnerability. This vulnerability stemmed from incorrect handling of the Host parameter in the function isAuthenticat...
NPM: 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
NPM: 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes vulnerability discovered by ? in WordPress Npm 9router versions = 0.4.30, 0.4.37...
GHSA-FHH6-4QXV-RPQJ 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Summary 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...
CVE-2026-5842
A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...
decolua 9router vulnerable to authorization bypass
A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...