{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/9router--0.4.41/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["9Router \u003c= 0.4.41"],"_cs_severities":["critical"],"_cs_tags":["web-vulnerability","api-security","data-exfiltration","credential-access","denial-of-service","unauthenticated-access"],"_cs_type":"advisory","_cs_vendors":["9Router"],"content_html":"\u003cp\u003eCritical API security vulnerabilities have been identified in 9Router's Next.js dashboard, impacting versions up to 0.4.41. These flaws stem from a lack of authentication middleware on several API endpoints, making them fully accessible to unauthenticated attackers. Specifically, the \u003ccode\u003e/api/providers\u003c/code\u003e endpoints permit complete Create, Read, Update, and Delete (CRUD) operations on all provider connections, enabling an attacker to manipulate or destroy configurations, redirect traffic, or capture credentials. Additionally, the \u003ccode\u003e/api/usage/stats\u003c/code\u003e endpoint exposes full plaintext API keys, while \u003ccode\u003e/api/usage/request-logs\u003c/code\u003e and \u003ccode\u003e/api/usage/request-details\u003c/code\u003e disclose all users' request history and sensitive conversation contents, including system prompts and user messages. This combination of vulnerabilities allows for widespread data exfiltration, credential compromise, and potential denial of service or traffic hijacking.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker sends an HTTP GET request to \u003ccode\u003ehttps://\u0026lt;host\u0026gt;/api/providers\u003c/code\u003e to list all configured provider connections, obtaining partial credentials and account IDs.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP POST request to \u003ccode\u003ehttps://\u0026lt;host\u0026gt;/api/providers\u003c/code\u003e with a malicious payload to create a new, attacker-controlled provider connection (e.g., \u003ccode\u003e{\u0026quot;provider\u0026quot;:\u0026quot;openai\u0026quot;,\u0026quot;authType\u0026quot;:\u0026quot;apikey\u0026quot;,\u0026quot;name\u0026quot;:\u0026quot;rogue\u0026quot;,\u0026quot;apiKey\u0026quot;:\u0026quot;sk-attacker-controlled\u0026quot;}\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP PUT request to \u003ccode\u003ehttps://\u0026lt;host\u0026gt;/api/providers/\u0026lt;existing-uuid\u0026gt;\u003c/code\u003e to modify an existing provider's configuration, potentially replacing legitimate API keys with their own to redirect traffic or exfiltrate data.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP DELETE request to \u003ccode\u003ehttps://\u0026lt;host\u0026gt;/api/providers/\u0026lt;existing-uuid\u0026gt;\u003c/code\u003e to delete critical provider connections, leading to denial of service for legitimate users.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP GET request to \u003ccode\u003ehttps://\u0026lt;host\u0026gt;/api/usage/stats\u003c/code\u003e to retrieve a list of all plaintext API keys, per-account usage data, and cost information.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP GET request to \u003ccode\u003ehttps://\u0026lt;host\u0026gt;/api/usage/request-logs\u003c/code\u003e to obtain paginated request logs containing timestamps, models, providers, and user emails.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves individual conversation details by sending an HTTP GET request to \u003ccode\u003ehttps://\u0026lt;host\u0026gt;/api/usage/request-details/\u0026lt;request-uuid\u0026gt;\u003c/code\u003e, exposing full conversation turns, including system prompts and sensitive user messages.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the stolen API keys and conversation data for further malicious activities, such as unauthorized access to AI provider accounts or social engineering.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe identified vulnerabilities have critical consequences. An attacker can add malicious providers to intercept all prompts and responses, modify existing providers to hijack legitimate traffic, or delete all providers to cause a complete denial of service. The compromise extends to a full API key leak via \u003ccode\u003e/api/usage/stats\u003c/code\u003e, enabling unauthorized use of connected AI provider accounts. Most critically, the \u003ccode\u003e/api/usage/request-details\u003c/code\u003e endpoint exposes complete conversation histories, including highly sensitive system prompts, user messages, and assistant responses, leading to severe privacy breaches and potential exfiltration of proprietary or confidential information processed by AI models.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrioritize patching 9Router instances to a version greater than 0.4.41 immediately.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rules to your SIEM solution and tune them for your environment to detect attempts to exploit these vulnerabilities against \u003ccode\u003e/api/providers\u003c/code\u003e, \u003ccode\u003e/api/usage/stats\u003c/code\u003e, and \u003ccode\u003e/api/usage/request-details\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eReview web server access logs for any suspicious unauthenticated POST, PUT, or DELETE requests to \u003ccode\u003e/api/providers\u003c/code\u003e endpoints as well as GET requests to \u003ccode\u003e/api/usage/stats\u003c/code\u003e or \u003ccode\u003e/api/usage/request-details\u003c/code\u003e originating from unusual IP addresses.\u003c/li\u003e\n\u003cli\u003eImplement strong authentication and authorization controls for all sensitive API endpoints in your environment, especially those related to configuration and data access.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-06T21:30:03Z","date_published":"2026-07-06T21:30:03Z","id":"https://feed.craftedsignal.io/briefs/2026-07-9router-unauthenticated-api/","summary":"Multiple critical unauthenticated API vulnerabilities in 9Router versions up to 0.4.41 allow an attacker to perform full CRUD operations on provider connections, leak plaintext API keys, and access sensitive conversation history, posing risks of data exfiltration and denial of service.","title":"Critical Unauthenticated API Vulnerabilities in 9Router Leading to Data Leak and RCE Risk","url":"https://feed.craftedsignal.io/briefs/2026-07-9router-unauthenticated-api/"}],"language":"en","title":"CraftedSignal Threat Feed - 9Router \u003c= 0.4.41","version":"https://jsonfeed.org/version/1.1"}