CVE-2026-55641: CWE-290: Authentication Bypass by Spoofing in decolua 9router
9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated…
Read the full articleYou might also wanna read

WAF - WAF Release - 2026-05-07 - Emergency
This emergency release introduces a new rule to detect Next.js App Router middleware and proxy bypass attempts via segment-prefetch routes (
CTRL-AI v1: Transparent HTTP Proxy for Securing AI Agents with Guardrails
CTRL-AI v1 is a transparent HTTP proxy that sits between your AI agent and LLM provider, enforcing guardrails, auditing behavior, and blocki
Critical Authentication Bypass Vulnerability Discovered in cPanel & WHM (CVE-2026-41940)
Hello! Yes, it's all a disaster again! Let's get this party started: 0:00 /0:12 1× No comments today, so imagine this: * We wrote something
watchTowr Labs·2mo agoUnpatchable Vulnerabilities of Kubernetes: CVE-2020-8562
A look at how Kubernetes CVE-2020-8562 allows attackers to bypass API server proxy protections using DNS rebinding
Critical Undocumented Authentication Backdoor Found in Multiple Tenda Router Firmware Versions (CVE-2026-11405)
Tenda firmware (multiple versions) contains hidden authentication backdoor

WAF - WAF Release - 2025-05-19
This week's analysis covers four vulnerabilities, with three rated critical due to their Remote Code Execution (RCE) potential. One targets

Comments
Sign in to join the conversation.
No comments yet. Be the first.