Product
An unauthenticated information disclosure vulnerability in 9Router through version 0.4.41 allows remote attackers to access sensitive user data by querying unprotected API endpoints like `/request-logs` and `/request-details` to enumerate paginated request logs and retrieve complete AI conversation histories, including system prompts, user messages, assistant responses, tool calls, and user email addresses, due to a lack of authentication middleware.