PT-2026-57219 · 9Router · 9Router
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-55638
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
9Router versions prior to 0.5.2
Description
An authentication bypass exists because the software fails to protect the
/codex endpoint in src/dashboardGuard.js before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attacker can send requests to the /codex/* endpoint to bypass the API-key gate, forcing the server to make upstream provider calls using operator-stored LLM provider credentials.Recommendations
Update to version 0.5.2.
Exploit
Fix
Missing Authorization
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
9Router