Lucene search
K

25 matches found

NVD
NVD
added yesterday6 views

CVE-2026-56675

9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/ access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as...

8.3CVSS
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-55638

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/ to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/ to bypass the API-k...

8.6CVSS
Exploits0References3
CVE
CVE
added yesterday5 views

CVE-2026-56675

9router prior to version 0.5.2 validates loopback requests as trusted, allowing unauthenticated access to /v1/* endpoints when a reverse proxy on localhost (127.0.0.1) forwards traffic. A remote attacker could reach /v1 APIs (e.g., /v1/models) without an API key, potentially abusing configured up...

8.3CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday8 views

CVE-2026-55638 9router: Unauthenticated LLM proxy access via /codex rewrite authorization bypass

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/ to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/ to bypass the API-k...

8.6CVSS
Exploits0References3
CVE
CVE
added yesterday12 views

CVE-2026-55500

CVE-2026-55500 (9router) exposes a critical flaw in the /api/settings/database endpoint. The GET export returns the entire database, including plaintext API keys, OAuth tokens, and provider credentials, while POST can wipe-and-replace the database with attacker-controlled data. This bypasses auth...

9.9CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday9 views

CVE-2026-55501 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail...

7.3CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-59800

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.8CVSS6.3AI score0.01372EPSS
Exploits0References3
Patchstack
Patchstack
added 5 days ago11 views

NPM: 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

NPM: 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header vulnerability discovered by ? in WordPress Npm 9router versions = 0.4.71...

7.3CVSS5.9AI score
Exploits0References2Affected Software1
Snyk
Snyk
added 5 days ago4 views

Incorrect Authorization

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Incorrect Authorization via the /api/settings/database endpoint, which allows exporting the entire database including plaintext API keys, OAuth tokens, and sensitive settings, a...

9.9CVSS6AI score
Exploits0References2
GitLab Advisory Database
GitLab Advisory Database
added 5 days ago6 views

9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

The 9router dashboard login rate limiter derives the client identity from the attacker-controlled X-Forwarded-For HTTP header. When 9router is directly exposed, or deployed behind a reverse proxy that does not overwrite untrusted forwarding headers, a remote attacker can rotate the X-Forwarded-Fo...

7.3CVSS6AI score
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/07/02 8:17 p.m.7 views

Missing Authorization

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Missing Authorization via the POST /api/tunnel/tailscale-install route handler, which accepts a JSON body containing a sudoPassword field and pipes it, along with the contents o...

9.5CVSS6.2AI score
Exploits0References3
Patchstack
Patchstack
added 2026/07/02 8:17 p.m.11 views

NPM: 9router: Missing Authorization and OS Command Injection

NPM: 9router: Missing Authorization and OS Command Injection vulnerability discovered by ? in WordPress Npm 9router versions 0.4.44...

9.8CVSS5.9AI score0.01372EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.8 views

CVE-2026-10269

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

6.5CVSS6AI score0.00276EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 5:16 p.m.17 views

CVE-2026-10269

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

6.5CVSS0.00276EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/01 3:15 p.m.31 views

CVE-2026-10269 decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

6.5CVSS0.00276EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.8 views

9Router 授权问题漏洞

9Router is an intelligent routing and authorization AI model proxy tool developed by decolua’s individual developers. Versions of 9Router prior to 0.4.0 contained an authorization vulnerability. This vulnerability stemmed from incorrect handling of the Host parameter in the function isAuthenticat...

6.5CVSS6.4AI score0.00276EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/05/19 7:22 p.m.12 views

NPM: 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

NPM: 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes vulnerability discovered by ? in WordPress Npm 9router versions = 0.4.30, 0.4.37...

5.8AI score0.00147EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/19 7:22 p.m.8 views

GHSA-FHH6-4QXV-RPQJ 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

Summary 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...

10CVSS6.1AI score0.00147EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/14 1:22 a.m.3 views

CVE-2026-5842

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS5.2AI score0.00313EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/09 6:30 a.m.8 views

decolua 9router vulnerable to authorization bypass

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS6.5AI score0.00313EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder