CVE-2026-56679 - 9Router: Mass assignment in PATCH /api/settings allows authenticated authorization downgrade
CVE ID :CVE-2026-56679 Published : July 15, 2026, 9:16 p.m. | 1 hour, 17 minutes ago Description :9Router is an AI router & token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body to persistent settings without a field whitelist, allowing an authenticated...