PT-2026-57210 · 9Router · 9Router

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-56676

CVSS v3.1

7.4

High

VectorAV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.5.2
Description An authenticated attacker with access to the LLM proxy can perform a Server-Side Request Forgery (SSRF) by exploiting a Time-of-Check to Time-of-Use (TOCTOU) gap during image URL validation. The software validates image URLs by resolving the host before fetching, but the server-side fetch performed in open-sse/translator/concerns/image.js executes a separate DNS resolution. By using a vision-capable model and a DNS name that first resolves to a public IP and subsequently rebinds to an internal address, an attacker can force the server to make requests to internal-only HTTP services.
Recommendations Update to version 0.5.2.

Fix

Time Of Check To Time Of Use

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56676

Affected Products

9Router