Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Unauthenticated remote HTTP (AV:N/PR:N/UI:N); scope change (S:C) because bypassing the guard exposes upstream provider credentials as a separate authority; low C/I/A reflecting enumeration and proxied-credential abuse rather than full compromise.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as local. A remote unauthenticated attacker can access /v1 APIs such as /v1/models and may abuse configured upstream provider credentials through /v1 proxy endpoints depending on enabled providers. This issue is fixed in version 0.5.2.
AnalysisAI
Authentication bypass in 9Router (decolua/9router) versions prior to 0.5.2 lets remote unauthenticated attackers reach protected /v1/* proxy APIs because src/dashboardGuard.js trusts any request arriving over loopback. When 9Router runs behind a same-host reverse proxy that forwards public traffic through 127.0.0.1 - the standard production deployment - external requests are misclassified as local, exposing /v1/models and enabling abuse of configured upstream AI provider credentials. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires that 9Router (before 0.5.2) is deployed behind a same-host reverse proxy which forwards public/internet traffic to the backend over 127.0.0.1 - that loopback-forwarding topology is the exact precondition that makes external requests appear local to src/dashboardGuard.js. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are moderately aligned toward real risk but not critical urgency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | 9Router runs on a server behind nginx, which proxies public HTTPS traffic to the backend on 127.0.0.1. An attacker on the internet simply sends GET /v1/models (and other /v1 proxy requests) with no API key; because the request arrives from the loopback proxy, dashboardGuard.js treats it as local and serves it, potentially letting the attacker route requests through the victim's configured upstream provider credentials. … |
| Remediation | Vendor-released patch: version 0.5.2 - upgrade 9Router to 0.5.2 or later, which corrects the loopback-trust classification in src/dashboardGuard.js (fix commit da667836cc7584bea0edd893de1d590c9ea279dc; advisory GHSA-x5c9-v98j-722r). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all 9Router deployments to identify affected versions (<0.5.2) and confirm deployment architecture (reverse proxy + loopback forwarding). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Unauthenticated CRUD on the provider-management API in 9Router (through 0.4.41) lets remote attackers with no credential
Remote authorization bypass in decolua 9router up to version 0.3.47 allows unauthenticated network attackers to access t
Unauthenticated API key disclosure in 9Router (npm package '9router' by decolua) through version 0.4.41 lets any remote
Authenticated remote code execution in 9Router before 0.5.2 lets a logged-in attacker run arbitrary OS commands on the h
Unauthenticated information disclosure in 9Router (decolua/9router) through version 0.4.41 lets remote attackers read ev
Authentication bypass in 9Router (AI router & token saver) prior to 0.5.4 lets any authenticated user disable applicatio
Authorization-gate bypass in 9Router (decolua/9router) before 0.5.2 lets a remote unauthenticated attacker reach protect
Authentication bypass in 9Router (decolua/9router) before 0.5.2 lets a remote unauthenticated attacker forge a 'Host: lo
Server-side request forgery via DNS rebinding in 9Router (decolua/9router) before 0.5.2 allows an authenticated LLM-prox
Server-side request forgery (SSRF) in 9Router's Kiro API-key validation endpoint allows authenticated attackers to redir
Improper authorization in decolua 9router through version 0.4.0 allows remote attackers with low privileges to bypass JW
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42932