Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 13 Jul 2026 23:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Decolua
Decolua 9router |
|
| Vendors & Products |
Decolua
Decolua 9router |
Mon, 13 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | 9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation histories including system prompts, user messages, assistant responses, tool calls, and user email addresses by querying the request-logs and request-details API routes which lack authentication middleware. | |
| Title | 9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints | |
| Weaknesses | CWE-359 CWE-862 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-13T21:37:52.094Z
Reserved: 2026-07-13T21:36:08.380Z
Link: CVE-2026-62328
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-14T13:00:04Z