CVE-2026-55641
Deferred Deferred - Pending Action

Host Header Spoofing in 9Router AI Router

Vulnerability report for CVE-2026-55641, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: GitHub, Inc.

Description

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this exposes the /v1 proxy to upstream provider calls using stored provider credentials and allows /v1/search with the searxng provider_options.baseUrl parameter to drive server-side requests to internal or cloud-metadata hosts. This issue is fixed in version 0.5.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
9router 9router to 0.5.2 (exc)
decolua 9router to 0.5.2 (exc)
decolua 9router to 0.4.81 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1327 The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
CWE-348 The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
CWE-290 This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability in 9router allows unauthenticated remote attackers to bypass API-key authentication and access the /v1 proxy endpoint. This can lead to unauthorized use of stored provider credentials and server-side request forgery (SSRF) to internal or cloud-metadata hosts.

Such unauthorized access and potential data exfiltration could impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls on access to sensitive data and protection against unauthorized data disclosure.

Specifically, the ability for attackers to use victim's API keys to relay requests or to access internal services may lead to breaches of confidentiality and integrity, which are critical compliance requirements.

Therefore, this vulnerability poses a risk to maintaining compliance with data protection regulations by exposing sensitive data and credentials to unauthorized parties.

Executive Summary

CVE-2026-55641 is a vulnerability in 9router versions 0.4.71 and earlier where the application incorrectly determines if a /v1 LLM proxy request is local by relying on the client-controlled Host header instead of the actual client IP address.

Because 9router binds to all network interfaces (0.0.0.0) by default, a remote unauthenticated attacker can spoof the Host header to values like 'localhost' or '127.0.0.1' to bypass API-key authentication and gain unauthorized access to the proxy endpoint.

This allows attackers to use the victim's stored API keys to relay requests to AI providers (causing cost and quota theft) and to perform unauthenticated Server-Side Request Forgery (SSRF) attacks by making the server fetch data from internal or cloud-metadata services.

Impact Analysis

This vulnerability can lead to unauthorized use of your stored API keys, resulting in unexpected costs and quota depletion as attackers relay requests through your account.

It also enables attackers to perform SSRF attacks, potentially exposing sensitive internal or cloud metadata information by forcing the server to make requests to internal resources.

Since no authentication or user interaction is required, any network attacker can exploit this vulnerability if the 9router instance is accessible.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for requests to the /v1 proxy endpoint that include suspicious Host headers such as 'localhost' or '127.0.0.1' coming from remote IP addresses.

You can use network packet capture tools like tcpdump or Wireshark to filter and inspect HTTP requests to the vulnerable 9router instance.

  • Use tcpdump to capture HTTP requests to port 80 or the port 9router is running on: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
  • Filter captured traffic for Host headers containing 'localhost' or '127.0.0.1': tcpdump -i <interface> -A | grep -i 'Host: localhost\|Host: 127.0.0.1'

Additionally, checking 9router logs for unauthenticated access attempts to /v1 endpoints with these spoofed Host headers can help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include upgrading 9router to version 0.5.2 or later where this vulnerability is fixed.

If upgrading is not immediately possible, you should:

  • Restrict network access to the 9router service so that only trusted local IP addresses can connect, preventing remote attackers from reaching the service.
  • Configure 9router to bind only to the loopback interface (127.0.0.1) instead of 0.0.0.0 to prevent remote connections.
  • Enforce API key authentication for all requests, especially those coming from non-loopback IP addresses.
  • Validate and restrict the provider_options.baseUrl parameter to prevent SSRF attacks.
  • Remove or restrict permissive CORS headers to limit cross-origin requests.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55641. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart