CVE-2026-55638 - 9router: Unauthenticated LLM proxy access via /codex rewrite authorization bypass
CVE ID :CVE-2026-55638 Published : July 10, 2026, 5:16 p.m. | 1 hour, 15 minutes ago Description :9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/*...