CVE-2026-49353 in 9routerinfo

Summary

by MITRE • 07/16/2026

9Router is an AI router & token saver. In 0.4.45 and earlier, 9Router's src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest() to protect /api/mcp/*, /api/tunnel/*, and /api/cli-tools/*, allowing header spoofing in reverse proxy or tunnel deployments to reach MCP child process stdin paths.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/16/2026

The vulnerability in 9Router version 0.4.45 and earlier represents a critical access control flaw that undermines the security boundaries of the application's dashboard protection mechanisms. The software employs src/dashboardGuard.js as a local-only access gate to restrict access to sensitive API endpoints including /api/mcp/, /api/tunnel/, and /api/cli-tools/*. This protection mechanism relies on Host and Origin headers within the isLocalRequest() function to determine whether incoming requests originate from localhost. However, this approach fails to account for scenarios where the application operates behind reverse proxies or through tunnel deployments, creating a fundamental security gap that allows malicious actors to bypass these protective measures.

The technical flaw stems from the improper trust placed in HTTP headers that can be easily manipulated by attackers. When 9Router operates in environments with reverse proxies or tunneling services, the Host and Origin headers may not accurately reflect the true source of requests. This header spoofing vulnerability enables attackers to craft requests that appear to originate from localhost while actually coming from external sources. The implications are particularly severe for the MCP child process stdin paths that are accessible through the affected API endpoints, as these interfaces typically provide direct access to underlying system processes and could allow for arbitrary command execution or data manipulation.

The operational impact of this vulnerability extends beyond simple unauthorized access to potentially enabling full system compromise. Attackers who exploit this weakness can gain access to the MCP child processes which are designed to handle sensitive operations including machine control protocols, tunnel management, and CLI tool execution. This creates a pathway for privilege escalation and lateral movement within the network environment where 9Router is deployed. The vulnerability affects any deployment scenario that relies on reverse proxies or tunneling services, making it particularly dangerous in cloud environments, containerized deployments, or any infrastructure where such networking configurations are common.

Security controls based on HTTP headers alone represent a known weakness in web application security architectures and align with CWE-601 vulnerabilities related to URL redirection and the improper handling of request headers. This vulnerability also maps to ATT&CK technique T1190 which describes the use of exploitation for privilege escalation through the manipulation of network infrastructure components. Organizations using 9Router should immediately implement mitigations including the enforcement of strict header validation, implementation of additional authentication layers, or configuration changes that prevent header spoofing in proxy environments. The recommended approach involves deploying proper access controls that do not rely solely on potentially manipulable HTTP headers and instead use more robust verification mechanisms such as IP address validation, authentication tokens, or dedicated security middleware that can properly identify legitimate local requests regardless of network configuration complexities.

Responsible

GitHub M

Reservation

05/29/2026

Disclosure

07/16/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!