What happened
9Router, a self-hosted AI router/token-saver proxy sitting in front of LLM APIs, exposed /api/settings/database allowing full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import/overwrite without any authentication beyond an easily-bypassed ALWAYS_PROTECTED check. Fixed in 0.4.80.
Why it matters
9Router proxies traffic to numerous downstream LLM providers and stores credentials for all of them; an unauthenticated attacker could exfiltrate every API key/OAuth token the router holds in a single request, or overwrite the entire configuration database to redirect all AI traffic through attacker infrastructure — a supply-chain-level compromise of an AI gateway.
Attack vector
Unauthenticated GET/POST to /api/settings/database bypasses ALWAYS_PROTECTED check to export or overwrite the full application database including all stored LLM API credentials
Affected systems
9Router (npm) < 0.4.80
Mitigation
Upgrade to 9Router ≥0.4.80