CVE-2026-49352 in 9router信息

摘要

由 VulDB • 2026-07-16

9Router是一款AI路由器及令牌节省工具。从版本0.2.21到0.4.44,9Router在src/app/api/auth/login/route.js、src/middleware.js以及后来的src/lib/auth/dashboardSession.js中使用了硬编码的回退JWT密钥“9router-default-secret-change-me”,当未设置JWT_SECRET时,攻击者可伪造auth_token cookie。此问题已在版本0.4.44中得到修复。

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

来源

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!