CVE-2026-55638 in 9routerinfo

Summary

by MITRE • 07/10/2026

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/* to bypass the API-key gate and cause the server to make upstream provider calls using operator-stored LLM provider credentials. This issue is fixed in version 0.5.2.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/10/2026

The vulnerability described represents a critical access control flaw in the 9router application that enables unauthorized remote attackers to bypass authentication mechanisms and execute malicious API requests. This weakness stems from an incomplete security configuration where certain API endpoints receive inadequate protection despite being part of the application's core functionality. The vulnerability specifically affects versions prior to 0.5.2 and demonstrates a classic case of insecure direct object reference or access control bypass that can have severe operational consequences for organizations relying on the application's AI routing capabilities.

The technical implementation of this flaw occurs within the application's security layer where the dashboardGuard.js file establishes protection for several API endpoints including /v1, /v1beta, /api/v1, and /api/v1beta. However, the endpoint /codex remains unprotected due to a configuration gap that fails to include it in the authentication checks. This oversight creates an exploitable pathway where attackers can directly access the /codex/* routes which are subsequently rewritten by next.config.mjs to map to /api/v1/responses. The attack vector leverages the application's URL rewriting functionality to circumvent existing security controls, effectively allowing unauthorized users to bypass the API key authentication mechanism that should protect all upstream provider calls.

The operational impact of this vulnerability is particularly concerning as it allows unauthenticated attackers to leverage the system's legitimate LLM provider credentials stored by operators. When a remote attacker sends requests to the unprotected /codex/* endpoints, the application executes upstream calls using these operator-stored credentials without proper authentication checks. This creates a potential for unauthorized consumption of expensive AI computing resources and could lead to significant financial losses through excessive API usage charges. The vulnerability also poses data privacy risks as attackers could potentially access or manipulate data processed through the LLM providers.

This security issue aligns with CWE-284 Access Control Bypass and represents a failure in implementing proper authorization controls across all application endpoints. The vulnerability demonstrates weaknesses in the principle of least privilege enforcement where the application should have consistently applied authentication requirements to all API routes that could potentially access sensitive backend services. From an attacker perspective, this flaw maps to ATT&CK technique T1078 Valid Accounts and T1566 Phishing as it allows unauthorized access through legitimate credential storage mechanisms without requiring additional account compromise or social engineering.

The fix implemented in version 0.5.2 addresses the root cause by ensuring comprehensive protection for all API endpoints including /codex, thereby closing the gap in the security configuration. Organizations should verify that all application routes are properly secured and that URL rewriting configurations do not inadvertently create bypass opportunities. Regular security audits of access control mechanisms and endpoint protection should be conducted to prevent similar issues in other components of the system architecture. The remediation process should also include proper testing of URL rewrite rules to ensure they do not compromise existing authentication controls and that all application paths maintain consistent security posture throughout the software lifecycle.

Responsible

GitHub M

Reservation

06/17/2026

Disclosure

07/10/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!