A critical missing-authentication flaw in the 9Router AI proxy lets remote attackers pull plaintext API keys for every connected AI provider account through a single unauthenticated request.
What Is It
CVE-2026-62327 is an unauthenticated information disclosure vulnerability in 9Router (npm package 9router, vendor decolua) affecting all versions through 0.4.41. The /api/usage/stats Next.js API route is missing its authentication middleware, so any remote attacker can send a single unauthenticated request and receive full plaintext API key strings for all connected AI provider accounts; returned alongside token counts, cost breakdowns, and request metadata. The issue is tracked as CWE-306 (Missing Authentication for a Critical Function) and CWE-522 (Insufficiently Protected Credentials), and carries a CVSS 3.1 base score of 9.1 (CRITICAL) with a CVSS 4.0 score of 9.3.
Why It Matters
Exposed keys grant an attacker unauthorized use of the victim's connected AI provider accounts. Per the advisory, this enables billing fraud and quota exhaustion, on top of the direct account takeover of every linked provider. The attack requires no privileges, no user interaction, and low complexity over the network; a single request retrieves the credentials, making exploitation trivial and easily automatable.
What's Vulnerable
- Product: 9Router (
pkg:npm/9router, vendor decolua) - Affected versions: all releases from 0 through 0.4.41 (semver)
- Vector: the unauthenticated
/api/usage/statsendpoint on the Next.js API route
Patch Status
The supplied source material does not include a CISA KEV entry for this CVE, so there is no confirmation of active exploitation in the wild. The NVD record (published 2026-07-13, status "Received") does not list a fixed version or specify a required remediation action. Refer to the vendor GitHub security advisory (GHSA-vjc7-jrh9-9j86) and the VulnCheck advisory below for upgrade and mitigation guidance.