CVE-2026-56678 Overview
CVE-2026-56678 is a Server-Side Request Forgery (SSRF) vulnerability in 9Router, an AI router and token saver application. The flaw resides in the Kiro API-key validation endpoint POST /api/oauth/kiro/api-key, which constructs an upstream URL using a user-controlled region value. An authenticated attacker can supply a crafted region such as kiro-canary.local:8443# to redirect the validation request to an attacker-controlled host. 9Router then forwards the submitted Kiro API key as an Authorization header to that host, exposing the credential. The issue is fixed in version 0.5.6.
Critical Impact
An authenticated attacker can exfiltrate Kiro API keys by coercing 9Router to send authenticated requests to attacker-controlled infrastructure.
Affected Products
- 9Router versions prior to 0.5.6
- 9Router Kiro OAuth integration (src/app/api/oauth/kiro/api-key/route.js)
- 9Router OAuth configuration module (src/lib/oauth/constants/oauth.js)
Discovery Timeline
- 2026-07-15 - CVE-2026-56678 published to NVD
- 2026-07-16 - Last updated in NVD database
Technical Details for CVE-2026-56678
Vulnerability Analysis
The vulnerability is a classic SSRF caused by improper input validation [CWE-20]. The POST /api/oauth/kiro/api-key endpoint interpolates a client-supplied region string directly into the upstream Kiro validation URL. Because the value is neither validated against an allowlist nor URL-encoded, an attacker can inject host, port, and URL fragment characters to break out of the intended hostname structure.
Specifically, a payload like kiro-canary.local:8443# causes the interpolated URL to resolve against kiro-canary.local:8443, with the remainder of the intended URL treated as a URL fragment and discarded by the HTTP client. 9Router then dispatches its outbound request — including the user-supplied Kiro API key in the Authorization header — to the attacker-controlled host. The attacker captures the credential and can also observe or manipulate 9Router's behavior via the crafted upstream response.
Root Cause
The underlying defect is the absence of validation on the region parameter before it is used to build an upstream URL. AWS regions follow a strict pattern such as us-east-1, but the original code accepted arbitrary strings, enabling host injection.
Attack Vector
An authenticated user submits a POST request to /api/oauth/kiro/api-key containing a malicious region value and a Kiro API key. 9Router builds the upstream URL, contacts the attacker's host, and forwards the API key in the Authorization header.
// Security patch in src/lib/oauth/constants/oauth.js
// AWS region allowlist pattern — prevents SSRF via region injection into upstream URLs (GHSA-6mwv-4mrm-5p3m)
export const AWS_REGION_PATTERN = /^[a-z]{2}-[a-z]+-\d{1,2}$/;
// Reject any region that is not a valid AWS region before interpolating it into a URL
export function assertValidAwsRegion(region) {
if (typeof region !== "string" || !AWS_REGION_PATTERN.test(region)) {
throw new Error("Invalid region");
}
return region;
}
Source: GitHub Commit 126aa24
The patch introduces AWS_REGION_PATTERN and assertValidAwsRegion() to reject any region that does not match the canonical AWS region format before URL interpolation. A companion change in the API route stops reflecting upstream response bodies to the client, further hardening against SSRF-based information disclosure.
Detection Methods for CVE-2026-56678
Indicators of Compromise
- Outbound HTTPS connections from the 9Router process to hosts that do not match legitimate AWS Kiro endpoints (*.amazonaws.com, official Kiro service domains).
- Requests to /api/oauth/kiro/api-key containing region values that do not match the pattern ^[a-z]{2}-[a-z]+-\d{1,2}$.
- Presence of URL metacharacters such as #, :, /, @, or ? inside the submitted region field.
Detection Strategies
- Inspect HTTP access logs for POST requests to /api/oauth/kiro/api-key and validate the region parameter against the AWS region regular expression.
- Correlate application-layer requests with outbound network telemetry to identify Kiro validation calls sent to unexpected destinations.
- Alert on 9Router instances running versions prior to 0.5.6 via software inventory scans.
Monitoring Recommendations
- Monitor egress traffic from 9Router hosts and baseline the set of legitimate upstream destinations for Kiro validation.
- Log and retain the full request body of OAuth-related endpoints so post-incident analysis can identify SSRF payloads.
- Track failed and anomalous authentication attempts against Kiro that originate from unexpected source IPs shortly after suspect validation calls.
How to Mitigate CVE-2026-56678
Immediate Actions Required
- Upgrade 9Router to version 0.5.6 or later, which enforces the AWS region allowlist.
- Rotate any Kiro API keys that were submitted through vulnerable 9Router instances, as they may have been exfiltrated.
- Restrict outbound network access from 9Router hosts to known Kiro service endpoints only.
Patch Information
The fix is delivered in 9Router v0.5.6. Technical details are documented in GHSA-6mwv-4mrm-5p3m and the corresponding remediation commit. The patch adds assertValidAwsRegion() validation and suppresses reflection of upstream response bodies to the client.
Workarounds
- Place 9Router behind an egress proxy that only permits connections to approved AWS Kiro hostnames.
- Apply a reverse-proxy or WAF rule to reject requests to /api/oauth/kiro/api-key whose region field does not match ^[a-z]{2}-[a-z]+-\d{1,2}$.
- Limit access to the 9Router administrative interface to trusted users, since exploitation requires authentication.
# Example WAF rule to reject non-conforming region values before reaching 9Router
# (nginx + njs pseudocode)
location = /api/oauth/kiro/api-key {
if ($request_method = POST) {
access_by_lua_block {
local body = ngx.req.get_body_data() or ""
local region = body:match('"region"%s*:%s*"([^"]+)"')
if region and not region:match("^[a-z][a-z]%-[a-z]+%-%d+$") then
ngx.exit(400)
end
}
}
proxy_pass http://9router_upstream;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

