CVE-2026-56675 in 9routerinfo

Summary

by MITRE • 07/10/2026

9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as local. A remote unauthenticated attacker can access /v1 APIs such as /v1/models and may abuse configured upstream provider credentials through /v1 proxy endpoints depending on enabled providers. This issue is fixed in version 0.5.2.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/10/2026

The vulnerability in 9Router represents a critical authentication bypass flaw that stems from improper trust validation of loopback requests within the application's security architecture. This issue affects versions prior to 0.5.2 and demonstrates a fundamental weakness in how the system handles request origin verification, particularly when dealing with internal routing mechanisms. The core problem manifests in the dashboardGuard.js module where the application incorrectly classifies external requests as local when they are forwarded through a reverse proxy configuration that routes public traffic to the backend service via the loopback interface at 127.0.0.1. This misclassification occurs because the system fails to properly validate the actual source of requests rather than relying solely on the destination address.

The technical implementation flaw allows an attacker to exploit a trust relationship that should not exist between external traffic and internal API endpoints. When a reverse proxy forwards requests from public interfaces to the 9Router service running on localhost, the application's security layer incorrectly treats these as internal or trusted requests. This misclassification enables unauthorized access to the /v1 API endpoints without requiring any authentication credentials, as the system bypasses normal authentication checks for what it perceives as local requests. The vulnerability specifically impacts the /v1/models endpoint and potentially other proxy endpoints that are configured to forward requests to upstream provider services.

The operational impact of this vulnerability extends beyond simple unauthorized access to include potential credential theft and abuse of configured third-party service integrations. An attacker who successfully exploits this vulnerability can enumerate available models through the /v1/models endpoint and may leverage the proxy functionality to access upstream provider services using credentials that are configured within the 9Router instance. This represents a significant risk when the router is configured with credentials for cloud providers, AI service APIs, or other sensitive backend systems. The attack vector is particularly concerning because it requires no authentication from the attacker's perspective and can be executed through normal network traffic patterns.

The security implications align with CWE-284 Access Control Issues, specifically addressing improper access control mechanisms that fail to properly validate request origins and trust relationships. This vulnerability also maps to ATT&CK technique T1078 Valid Accounts, as it enables attackers to leverage legitimate service configurations to gain unauthorized access to protected functionality. The fix implemented in version 0.5.2 addresses this by strengthening the origin validation logic within the dashboardGuard.js module to properly distinguish between genuine local requests and forwarded external traffic. Organizations using 9Router should immediately upgrade to version 0.5.2 or later to mitigate this risk, while also reviewing their reverse proxy configurations to ensure proper header forwarding and request validation. The vulnerability demonstrates the importance of not relying solely on destination addresses for access control decisions and highlights the need for robust origin verification mechanisms in distributed systems architecture.

Responsible

GitHub M

Reservation

06/22/2026

Disclosure

07/10/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!