CVE-2026-56676 in 9routerinfo

Summary

by MITRE • 07/10/2026

9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy can use a vision-capable model and an attacker-controlled DNS name that first resolves to a public IP and then rebinds to an internal address, allowing server-side requests to internal-only HTTP services. This issue is fixed in version 0.5.2.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/10/2026

The vulnerability described represents a sophisticated server-side request forgery (ssrf) attack vector within the 9router application that operates as an AI router and token saver. This flaw stems from inconsistent DNS resolution handling between client-side and server-side operations, creating a window of opportunity for authenticated attackers to bypass network isolation controls. The vulnerability specifically affects versions prior to 0.5.2 where the image URL validation process performs initial host resolution but fails to maintain consistent DNS state throughout the complete request lifecycle.

The technical implementation of this vulnerability exploits the difference in DNS resolution timing between the frontend validation layer and backend processing components. When an authenticated user accesses the LLM proxy with a vision-capable model, they can submit malicious image URLs that initially resolve to public IP addresses through the early validation step. However, during the subsequent server-side fetch operation in open-sse/translator/concerns/image.js, a separate DNS resolution occurs which may resolve to internal network addresses due to DNS rebinding techniques. This inconsistency allows attackers to effectively tunnel requests from external systems into internal services that should normally be inaccessible.

The operational impact of this vulnerability extends beyond simple information disclosure, as it enables potential lateral movement within network environments and access to internal HTTP services that typically require direct network access or authentication. Attackers can leverage this weakness to probe internal systems, potentially identifying sensitive services, misconfigurations, or vulnerable components that are not exposed to external networks. The authenticated nature of the attack requires a valid user session but does not necessitate administrative privileges, making it particularly dangerous in environments where legitimate users have access to vision-capable models.

This vulnerability aligns with CWE-918 Server-Side Request Forgery (SSRF) which specifically addresses flaws that allow attackers to manipulate server-side requests to access internal resources. The attack pattern follows techniques described in MITRE ATT&CK framework under T1046 Network Service Scanning and T1566 Phishing, where the initial access vector is through legitimate application functionality but the exploitation targets internal network resources. The DNS rebinding technique employed in this attack demonstrates a sophisticated understanding of how to exploit timing differences in network resolution processes.

The mitigation strategy implemented in version 0.5.2 addresses the core issue by ensuring consistent DNS resolution throughout the entire request lifecycle. This typically involves either maintaining the same DNS resolution context across both validation and fetch operations or implementing more robust URL sanitization that prevents the exploitation of timing-based DNS resolution differences. Organizations should also consider additional defensive measures such as network segmentation, outbound proxy restrictions, and comprehensive input validation for all external resource references to prevent similar vulnerabilities in other components.

The incident highlights the importance of maintaining consistent security controls across all layers of application architecture, particularly when handling external resource requests. The vulnerability demonstrates how seemingly minor implementation details in DNS resolution can create significant security risks when not properly synchronized across different operational phases. Organizations should conduct thorough reviews of their application's external resource handling processes to identify similar timing-based inconsistencies that could be exploited by attackers. This vulnerability serves as a reminder that even authenticated access controls cannot protect against well-crafted server-side request forgery attacks that exploit fundamental network architecture weaknesses in application design.

Responsible

GitHub M

Reservation

06/22/2026

Disclosure

07/10/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!