Summary
CVE-2026-49352 is a critical authentication bypass vulnerability (CVSS 9.8) in 9Router, a self-hosted Node.js/Next.js proxy for AI coding tools. The application shipped a publicly known hardcoded fallback JWT secret — 9router-default-secret-change-me — committed directly to its source repository. When the JWT_SECRET environment variable is not explicitly set, any unauthenticated remote attacker can use this secret to forge a valid auth_token cookie and gain full administrative access to the 9Router dashboard and API. A public proof-of-concept exploit has been available since July 6, 2026.
Technical details
- Root cause: The literal string
9router-default-secret-change-meis hardcoded as a fallback JWT signing secret in three source files —src/app/api/auth/login/route.js,src/middleware.js, andsrc/lib/auth/dashboardSession.js(CWE-798: Use of Hard-coded Credentials). Because this value is committed to the public repository and is identical across all affected releases, it cannot be treated as a secret. - Trigger condition: The fallback activates whenever the
JWT_SECRETenvironment variable is absent or unset at application startup. Deployments that have explicitly configuredJWT_SECRETto a unique random value are not affected. - Attack vector: A remote, unauthenticated attacker signs a JWT payload with the publicly known secret and submits the resulting token as an
auth_tokencookie to any network-reachable 9Router instance. No valid credentials, prior access, or user interaction are required. - Impact: Successful exploitation grants complete access to the 9Router dashboard and API — including full confidentiality, integrity, and availability impact on the managed AI routing configuration, connected provider credentials, and any data routed through the instance.
- Public PoC: A Go-based proof-of-concept (published July 6, 2026 at
covepseng/cve-2026-49352-poc) automates exploitation in three steps: forging the dashboard session JWT with the hardcoded secret, presenting it as anauth_tokencookie to/dashboard, and optionally probing protected API endpoints such as/api/settings/databaseto confirm unauthorized access.
Affected software
- 9Router versions 0.2.21 through 0.4.44 (inclusive)
Severity
- CVSS v3.1 Base Score: 9.8 (Critical)
- Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Mitigation and recommended actions
- Immediate — upgrade: Update 9Router to version 0.4.45 or later, which removes the hardcoded fallback secret.
- If immediate upgrade is not possible — enforce
JWT_SECRET: Set theJWT_SECRETenvironment variable to a cryptographically random value in your deployment configuration (.env, Docker Compose, PM2 ecosystem file, or equivalent). This eliminates the fallback path and prevents exploitation of the hardcoded default, even on unpatched versions. - Network mitigation: If 9Router is not required to be internet-facing, restrict access to the dashboard port using firewall rules, network policies, or reverse proxy authentication controls until the upgrade can be applied.
IONIX Status
The IONIX research team is tracking ongoing exploitation attempts and recommends immediate patching. Potentially affected assets are outlined in this post.

