Skip to main content

9Router EUVDEUVD-2026-42930

| CVE-2026-55641 HIGH
Authentication Bypass by Spoofing (CWE-290)
2026-07-10 GitHub_M
8.2
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
vuln.today AI
9.3 CRITICAL

Remote, no-auth, single-header bypass gives AV:N/AC:L/PR:N/UI:N; credential/metadata disclosure is C:H with limited I:L, and the SSRF pivot to other systems justifies S:C.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 18:01 EUVD
Analysis Generated
Jul 10, 2026 - 16:58 vuln.today

DescriptionCVE.org

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this exposes the /v1 proxy to upstream provider calls using stored provider credentials and allows /v1/search with the searxng provider_options.baseUrl parameter to drive server-side requests to internal or cloud-metadata hosts. This issue is fixed in version 0.5.2.

AnalysisAI

Authentication bypass in 9Router (decolua/9router) before 0.5.2 lets a remote unauthenticated attacker forge a 'Host: localhost' header so the /v1 LLM proxy treats the request as local and skips API-key checks. Once past authentication, an attacker abuses stored provider credentials for upstream LLM calls and leverages /v1/search's searxng provider_options.baseUrl to force server-side requests to internal or cloud-metadata endpoints (SSRF). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach exposed /v1 endpoint
Delivery
Send request with forged Host: localhost
Exploit
Bypass API-key auth as 'local'
Execution
Invoke /v1/search searxng baseUrl or upstream proxy
Persist
Reach internal/metadata host or spend provider credentials
Impact
Exfiltrate credentials/metadata

Vulnerability AssessmentAI

Exploitation Exploitation requires that the 9Router /v1 proxy is network-reachable by the attacker (default configuration is explicitly stated as vulnerable) and that the server derives 'local request' trust from the Host header - satisfied on all versions before 0.5.2. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N, base 8.2) is internally consistent with the description: network reachable, low complexity, no privileges, no user interaction, high confidentiality impact (credential exposure and metadata theft) and limited integrity impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach an internet-exposed 9Router instance sends a /v1 request with a spoofed 'Host: localhost' header, which the server trusts as a local call and processes without an API key. The attacker then issues upstream LLM calls billed to the victim's stored provider credentials, and submits a /v1/search request with searxng provider_options.baseUrl set to http://169.254.169.254/ to read cloud-metadata (or internal service) responses. …
Remediation Vendor-released patch: version 0.5.2 - upgrade all 9Router instances to 0.5.2 or later, which corrects how local/loopback requests are determined (fix commit b282f0554972ea35281520738759d76abcd0b0b3; advisory GHSA-86m2-fcxq-5q7c). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running decolua/9router before version 0.5.2 using dependency scanning tools and inventory their network exposure; review proxy access logs for requests with 'Host: localhost' headers from non-internal source IPs. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-59801 CRITICAL POC
9.3 Jul 13

Unauthenticated CRUD on the provider-management API in 9Router (through 0.4.41) lets remote attackers with no credential

CVE-2026-5842 MEDIUM POC
5.5 Apr 09

Remote authorization bypass in decolua 9router up to version 0.3.47 allows unauthenticated network attackers to access t

CVE-2026-62327 CRITICAL
9.3 Jul 13

Unauthenticated API key disclosure in 9Router (npm package '9router' by decolua) through version 0.4.41 lets any remote

CVE-2026-62312 HIGH
8.8 Jul 15

Authenticated remote code execution in 9Router before 0.5.2 lets a logged-in attacker run arbitrary OS commands on the h

CVE-2026-62328 HIGH
8.7 Jul 13

Unauthenticated information disclosure in 9Router (decolua/9router) through version 0.4.41 lets remote attackers read ev

CVE-2026-56679 HIGH
8.7 Jul 15

Authentication bypass in 9Router (AI router & token saver) prior to 0.5.4 lets any authenticated user disable applicatio

CVE-2026-55638 HIGH
8.6 Jul 10

Authorization-gate bypass in 9Router (decolua/9router) before 0.5.2 lets a remote unauthenticated attacker reach protect

CVE-2026-56675 HIGH
8.3 Jul 10

Authentication bypass in 9Router (decolua/9router) versions prior to 0.5.2 lets remote unauthenticated attackers reach p

CVE-2026-56676 HIGH
7.4 Jul 10

Server-side request forgery via DNS rebinding in 9Router (decolua/9router) before 0.5.2 allows an authenticated LLM-prox

CVE-2026-56678 MEDIUM
6.4 Jul 15

Server-side request forgery (SSRF) in 9Router's Kiro API-key validation endpoint allows authenticated attackers to redir

CVE-2026-10269 MEDIUM
5.3 Jun 01

Improper authorization in decolua 9router through version 0.4.0 allows remote attackers with low privileges to bypass JW

Share

EUVD-2026-42930 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy