CVE-2026-62328 in 9Router
Summary
by MITRE • 07/14/2026
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation histories including system prompts, user messages, assistant responses, tool calls, and user email addresses by querying the request-logs and request-details API routes which lack authentication middleware.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 07/14/2026
This vulnerability represents a critical information disclosure flaw in the 9Router software version 0.4.41 that exposes sensitive user data through improperly protected API endpoints. The issue stems from the absence of authentication middleware on key routes that handle request logging and conversation history retrieval, creating an attack surface where remote adversaries can access confidential information without any authorization requirements. The vulnerability affects the request-logs and request-details API endpoints which are designed to store and serve detailed interaction data between users and AI systems, including complete conversation histories that encompass system prompts, user messages, assistant responses, tool calls, and personal identifiers such as email addresses.
The technical implementation of this flaw demonstrates a fundamental security misconfiguration where the application fails to enforce proper access controls on sensitive data endpoints. Attackers can exploit this vulnerability through simple HTTP requests to enumerate paginated logs and retrieve complete conversation histories, effectively bypassing all authentication mechanisms that should protect user data. This represents a classic case of insufficient authorization checks as classified under CWE-285, where the system allows unauthorized access to protected resources due to missing or improperly implemented access control measures. The vulnerability is particularly concerning because it exposes not only the content of conversations but also metadata and personally identifiable information that could be used for identity theft, social engineering attacks, or other malicious activities.
From an operational perspective, this vulnerability creates significant risk for organizations using 9Router as they may unknowingly expose sensitive user communications and personal data to unauthorized parties. The impact extends beyond simple data exposure as the complete AI conversation histories contain potentially confidential information that could include proprietary business discussions, personal health information, financial details, or other sensitive content. This type of vulnerability aligns with attack patterns documented in the MITRE ATT&CK framework under the T1567 technique for "Exfiltration Over Web Service,' where adversaries leverage legitimate web services to steal data. The unauthenticated nature of the access means that even basic network monitoring may not detect these attacks as they appear as normal API requests from valid endpoints.
The mitigation strategy should focus on implementing comprehensive authentication middleware across all API endpoints that handle sensitive user data and conversation histories. Security controls must include proper access control enforcement mechanisms such as token-based authentication, API key validation, or session management protocols to ensure only authorized users can access protected resources. Organizations should also implement rate limiting and monitoring on these endpoints to detect abnormal access patterns that might indicate exploitation attempts. Additionally, the application architecture should be reviewed to ensure that data separation principles are properly enforced and that sensitive information is not exposed through unintended API routes. Regular security testing including penetration testing and automated vulnerability scanning should be conducted to identify similar misconfigurations in other endpoints and prevent future incidents of this nature.