CVE-2026-55500 in 9routerinfo

Summary

by MITRE • 07/10/2026

9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the ALWAYS_PROTECTED middleware check, which only validates JWT or CLI token. This issue is fixed in version 0.4.80.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/10/2026

The vulnerability in 9Router prior to version 0.4.80 represents a critical authorization flaw that exposes sensitive operational data through improperly protected administrative endpoints. The /api/settings/database endpoint serves as a gateway for both database export and import operations, functions that should inherently require robust authentication and authorization controls given the sensitive nature of the data involved. This vulnerability stems from inadequate access control implementation where only the ALWAYS_PROTECTED middleware validation was considered sufficient, relying solely on JWT or CLI token verification without additional security layers. The flaw demonstrates a fundamental misunderstanding of security principles where basic token validation is treated as adequate protection for operations that can result in complete system compromise.

The technical execution of this vulnerability allows an attacker to perform full database exports containing credentials, API keys, OAuth tokens, and system settings without proper authentication. This constitutes a severe privilege escalation issue where any authenticated user with access to the endpoint can extract all sensitive information from the system. The database import functionality presents even greater risk as it enables complete system overwrite operations that could lead to data destruction, service disruption, or full system compromise. This vulnerability directly maps to CWE-285 which addresses improper authorization in software systems and aligns with ATT&CK technique T1213.002 for Data from Information Repositories, where adversaries can extract sensitive data through unauthorized access to administrative interfaces.

The operational impact of this vulnerability extends far beyond simple information disclosure, creating potential for catastrophic system compromise. With access to API keys and OAuth tokens, attackers could escalate privileges across integrated services, potentially gaining access to cloud resources, third-party applications, and other connected systems. The complete database import capability allows for malicious overwrite operations that could destroy operational data or inject malicious configurations. This vulnerability particularly affects organizations relying on 9Router for AI-powered networking and token management where the compromise of authentication tokens could lead to widespread unauthorized access across enterprise environments. The lack of proper authorization checks violates security best practices outlined in NIST SP 800-53 controls that require multi-factor authentication and role-based access control for sensitive operations.

The mitigation strategy involves implementing robust authentication and authorization controls that go beyond simple token validation. Organizations should enforce additional security layers including but not limited to multi-factor authentication, IP address restrictions, and granular access controls for administrative endpoints. The fix implemented in version 0.4.80 demonstrates the necessity of comprehensive security review processes that validate all administrative interfaces against established security frameworks. Security teams should conduct regular vulnerability assessments of API endpoints, implement proper input validation, and establish monitoring for unauthorized access attempts to database operations. The vulnerability also highlights the importance of following defense-in-depth principles where multiple security controls work together rather than relying on single validation mechanisms. Organizations using 9Router should immediately update to version 0.4.80 or later and conduct thorough security audits of their network infrastructure to identify similar authorization flaws in other systems.

Responsible

GitHub M

Reservation

06/17/2026

Disclosure

07/10/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!