PT-2026-57210 · 9Router · 9Router
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-56676
CVSS v3.1
7.4
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
9Router versions prior to 0.5.2
Description
An authenticated attacker with access to the LLM proxy can perform a Server-Side Request Forgery (SSRF) by exploiting a Time-of-Check to Time-of-Use (TOCTOU) gap during image URL validation. The software validates image URLs by resolving the host before fetching, but the server-side fetch performed in
open-sse/translator/concerns/image.js executes a separate DNS resolution. By using a vision-capable model and a DNS name that first resolves to a public IP and subsequently rebinds to an internal address, an attacker can force the server to make requests to internal-only HTTP services.Recommendations
Update to version 0.5.2.
Fix
Time Of Check To Time Of Use
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
9Router