API Access Bypass in 9Router by Decolua
CVE-2026-55638
8.6HIGH
What is CVE-2026-55638?
The vulnerability in 9Router allows remote unauthenticated attackers to bypass API key protections. Specifically, prior to version 0.5.2, the /codex endpoint was not properly secured, which let attackers make requests that could utilize sensitive operator-stored credentials. The flaw was addressed in version 0.5.2, ensuring better security for API interactions.
Affected Version(s)
9router < 0.5.2
