<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>9Router &lt;= 0.4.41 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/9router--0.4.41/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Mon, 06 Jul 2026 21:30:03 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/9router--0.4.41/feed.xml" rel="self" type="application/rss+xml"/><item><title>Critical Unauthenticated API Vulnerabilities in 9Router Leading to Data Leak and RCE Risk</title><link>https://feed.craftedsignal.io/briefs/2026-07-9router-unauthenticated-api/</link><pubDate>Mon, 06 Jul 2026 21:30:03 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-9router-unauthenticated-api/</guid><description>Multiple critical unauthenticated API vulnerabilities in 9Router versions up to 0.4.41 allow an attacker to perform full CRUD operations on provider connections, leak plaintext API keys, and access sensitive conversation history, posing risks of data exfiltration and denial of service.</description><content:encoded><![CDATA[<p>Critical API security vulnerabilities have been identified in 9Router's Next.js dashboard, impacting versions up to 0.4.41. These flaws stem from a lack of authentication middleware on several API endpoints, making them fully accessible to unauthenticated attackers. Specifically, the <code>/api/providers</code> endpoints permit complete Create, Read, Update, and Delete (CRUD) operations on all provider connections, enabling an attacker to manipulate or destroy configurations, redirect traffic, or capture credentials. Additionally, the <code>/api/usage/stats</code> endpoint exposes full plaintext API keys, while <code>/api/usage/request-logs</code> and <code>/api/usage/request-details</code> disclose all users' request history and sensitive conversation contents, including system prompts and user messages. This combination of vulnerabilities allows for widespread data exfiltration, credential compromise, and potential denial of service or traffic hijacking.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated attacker sends an HTTP GET request to <code>https://&lt;host&gt;/api/providers</code> to list all configured provider connections, obtaining partial credentials and account IDs.</li>
<li>The attacker sends an HTTP POST request to <code>https://&lt;host&gt;/api/providers</code> with a malicious payload to create a new, attacker-controlled provider connection (e.g., <code>{&quot;provider&quot;:&quot;openai&quot;,&quot;authType&quot;:&quot;apikey&quot;,&quot;name&quot;:&quot;rogue&quot;,&quot;apiKey&quot;:&quot;sk-attacker-controlled&quot;}</code>).</li>
<li>The attacker sends an HTTP PUT request to <code>https://&lt;host&gt;/api/providers/&lt;existing-uuid&gt;</code> to modify an existing provider's configuration, potentially replacing legitimate API keys with their own to redirect traffic or exfiltrate data.</li>
<li>The attacker sends an HTTP DELETE request to <code>https://&lt;host&gt;/api/providers/&lt;existing-uuid&gt;</code> to delete critical provider connections, leading to denial of service for legitimate users.</li>
<li>The attacker sends an HTTP GET request to <code>https://&lt;host&gt;/api/usage/stats</code> to retrieve a list of all plaintext API keys, per-account usage data, and cost information.</li>
<li>The attacker sends an HTTP GET request to <code>https://&lt;host&gt;/api/usage/request-logs</code> to obtain paginated request logs containing timestamps, models, providers, and user emails.</li>
<li>The attacker retrieves individual conversation details by sending an HTTP GET request to <code>https://&lt;host&gt;/api/usage/request-details/&lt;request-uuid&gt;</code>, exposing full conversation turns, including system prompts and sensitive user messages.</li>
<li>The attacker leverages the stolen API keys and conversation data for further malicious activities, such as unauthorized access to AI provider accounts or social engineering.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The identified vulnerabilities have critical consequences. An attacker can add malicious providers to intercept all prompts and responses, modify existing providers to hijack legitimate traffic, or delete all providers to cause a complete denial of service. The compromise extends to a full API key leak via <code>/api/usage/stats</code>, enabling unauthorized use of connected AI provider accounts. Most critically, the <code>/api/usage/request-details</code> endpoint exposes complete conversation histories, including highly sensitive system prompts, user messages, and assistant responses, leading to severe privacy breaches and potential exfiltration of proprietary or confidential information processed by AI models.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Prioritize patching 9Router instances to a version greater than 0.4.41 immediately.</li>
<li>Deploy the provided Sigma rules to your SIEM solution and tune them for your environment to detect attempts to exploit these vulnerabilities against <code>/api/providers</code>, <code>/api/usage/stats</code>, and <code>/api/usage/request-details</code>.</li>
<li>Review web server access logs for any suspicious unauthenticated POST, PUT, or DELETE requests to <code>/api/providers</code> endpoints as well as GET requests to <code>/api/usage/stats</code> or <code>/api/usage/request-details</code> originating from unusual IP addresses.</li>
<li>Implement strong authentication and authorization controls for all sensitive API endpoints in your environment, especially those related to configuration and data access.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>web-vulnerability</category><category>api-security</category><category>data-exfiltration</category><category>credential-access</category><category>denial-of-service</category><category>unauthenticated-access</category></item></channel></rss>