PT-2026-57219 · 9Router · 9Router

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-55638

CVSS v3.1

8.6

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.5.2
Description An authentication bypass exists because the software fails to protect the /codex endpoint in src/dashboardGuard.js before next.config.mjs rewrites /codex/* to /api/v1/responses. A remote unauthenticated attacker can send requests to the /codex/* endpoint to bypass the API-key gate, forcing the server to make upstream provider calls using operator-stored LLM provider credentials.
Recommendations Update to version 0.5.2.

Exploit

Fix

Missing Authorization

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55638

Affected Products

9Router