CVE-2026-56675 - 9router: Reverse proxy locality collapse allows unauthenticated access to 9router /v1 APIs
CVE ID :CVE-2026-56675 Published : July 10, 2026, 5:17 p.m. | 1 hour, 15 minutes ago Description :9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/* access without an API key, so a same-host reverse proxy that forwards public...