CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-56676

highCVSS 7.4covered by 1 sourcefirst seen 2026-07-10
9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy can use a vision-capable model and an attacker-controlled DNS name that first resolves to a public IP and then rebinds to an internal address, allowing server-side requests to internal-only HTTP services. This issue is fixed in version 0.5.2.

⚡ Watch CVE-2026-56676

Get an email if CVE-2026-56676 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (1)

External references

NVD record for CVE-2026-56676

CVE.org record

Embed the live status

CVE-2026-56676 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-56676 status](https://www.csirts.com/badge/CVE-2026-56676)](https://www.csirts.com/cve/CVE-2026-56676)