CVE-2026-56678
9Router is an AI router & token saver. Prior to 0.5.6, the Kiro API-key validation endpoint POST /api/oauth/kiro/api-key builds an upstream
CVSS
6.4
Medium
EPSS
0.2%
p7
KEV
—
Exploit Today
2
0-100
Published: Jul 15, 2026 · Last modified: Jul 16, 2026 · CWE-20 · CWE-918
0.2%EPSS · 30 days0.2%
2026-07-162026-07-17
9Router is an AI router & token saver. Prior to 0.5.6, the Kiro API-key validation endpoint POST /api/oauth/kiro/api-key builds an upstream URL using a user-controlled region value, allowing an authenticated attacker to supply a crafted region such as kiro-canary.local:8443# and cause 9Router to send the Kiro validation request to an attacker-controlled host while forwarding the submitted Kiro API key as an Authorization header. This issue is fixed in version 0.5.6.
- github.comhttps://github.com/decolua/9router/commit/126aa244c5b51b74ab8c7594e3418fcf4437bf6f
- github.comhttps://github.com/decolua/9router/releases/tag/v0.5.6
- github.comhttps://github.com/decolua/9router/security/advisories/GHSA-6mwv-4mrm-5p3m
- github.comhttps://github.com/decolua/9router/security/advisories/GHSA-6mwv-4mrm-5p3m
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-341978.8 HIG99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability3dCVE-2026-202308.6 HIG98.5%
KEV—80Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability16dCVE-2026-1540910.0 CRI66.5%
KEV—70SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability2dCVE-2026-125699.8 CRI66.0%
KEV—70PTC Windchill and FlexPLM Improper Input Validation Vulnerability17dCVE-2020-248819.8 CRI99.4%
——30SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.7dCVE-2026-445788.6 HIG98.4%
——30Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to arbitrary internal or external destinations, which may expose internal services or cloud metadata endpoints. Vercel-hosted deployments are not affected. This vulnerability is fixed in 15.5.16 and 16.2.5.1d