Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Network-reachable endpoint, low complexity; PR:L because valid account required; S:C for out-of-scope credential exfiltration; no availability impact.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
9Router is an AI router & token saver. Prior to 0.5.6, the Kiro API-key validation endpoint POST /api/oauth/kiro/api-key builds an upstream URL using a user-controlled region value, allowing an authenticated attacker to supply a crafted region such as kiro-canary.local:8443
and cause 9Router to send the Kiro validation request to an attacker-controlled host while forwarding the submitted Kiro API key as an Authorization header. This issue is fixed in version 0.5.6.
AnalysisAI
Server-side request forgery (SSRF) in 9Router's Kiro API-key validation endpoint allows authenticated attackers to redirect outbound validation requests to an attacker-controlled host, exfiltrating the submitted Kiro API key via the Authorization header. Affected are all 9Router deployments prior to version 0.5.6 where the Kiro OAuth provider is configured. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid low-privilege 9Router account - the CVSS vector confirms PR:L. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 6.4 (Medium) with vector AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N is consistent with the described attack: low-complexity network exploitation requiring only low-privilege authentication, with a scope change affecting the downstream Kiro service through API key theft. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated 9Router user sends a POST request to /api/oauth/kiro/api-key with a crafted region value such as 'attacker.example.com:8443#', causing 9Router to build the URL https://oidc.attacker.example.com:8443#.amazonaws.com/token and issue an outbound validation request with the victim's Kiro API key in the Authorization header to the attacker's listener. No public exploit code was identified at time of analysis, but the technique requires only standard HTTP tooling given the low complexity of the URL fragment injection. |
| Remediation | Upgrade to 9Router v0.5.6, which introduces an AWS region allowlist regex (/^[a-z]{2}-[a-z]+-\d{1,2}$/) via the assertValidAwsRegion() function applied across all region interpolation points in KiroService and related providers, preventing arbitrary host injection. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Unauthenticated CRUD on the provider-management API in 9Router (through 0.4.41) lets remote attackers with no credential
Remote authorization bypass in decolua 9router up to version 0.3.47 allows unauthenticated network attackers to access t
Unauthenticated API key disclosure in 9Router (npm package '9router' by decolua) through version 0.4.41 lets any remote
Authenticated remote code execution in 9Router before 0.5.2 lets a logged-in attacker run arbitrary OS commands on the h
Unauthenticated information disclosure in 9Router (decolua/9router) through version 0.4.41 lets remote attackers read ev
Authentication bypass in 9Router (AI router & token saver) prior to 0.5.4 lets any authenticated user disable applicatio
Authorization-gate bypass in 9Router (decolua/9router) before 0.5.2 lets a remote unauthenticated attacker reach protect
Authentication bypass in 9Router (decolua/9router) versions prior to 0.5.2 lets remote unauthenticated attackers reach p
Authentication bypass in 9Router (decolua/9router) before 0.5.2 lets a remote unauthenticated attacker forge a 'Host: lo
Server-side request forgery via DNS rebinding in 9Router (decolua/9router) before 0.5.2 allows an authenticated LLM-prox
Improper authorization in decolua 9router through version 0.4.0 allows remote attackers with low privileges to bypass JW
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44813