CVE-2026-55638
9router prior to version 0.5.2 exposed an unauthenticated access path via /codex that bypassed the API-key gate due to an incomplete rewrite handling. An attacker could send requests to /codex/* and trigger upstream provider calls using operator-stored LLM provider credentials. The vulnerability ...