AI Router Vulnerability Exposes Internal HTTP Services via DNS Rebinding
CVE-2026-56676

7.4HIGH

Key Information:

Vendor

Decolua

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-56676?

The 9Router AI router, specifically versions prior to 0.5.2, is susceptible to a DNS rebinding vulnerability where an authenticated attacker with access to the LLM proxy can exploit the image URL validation process. This flaw arises because the server-side image fetch mechanism resolves DNS queries separately, enabling attackers to redirect image requests from a public IP to internal addresses. As a result, this vulnerability facilitates unauthorized access to internal-only HTTP services, which poses a significant risk to network security. The issue has been addressed in version 0.5.2.

Affected Version(s)

9router < 0.5.2

References

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.