9router ships a hardcoded fallback JWT secret, plus an unfixed host-header spoof and missing authz on top
9router — an npm-distributed LLM request router — falls back to a hardcoded default JWT signing secret when none is configured, so any deployment that didn't override it accepts attacker-forged tokens outright (CVSS 9.8); a second advisory shows the earlier host-header "local-only" access gate can still be spoofed past its own fix, and a third covers missing authorization paired with OS command injection. Three advisories against one small routing proxy in the same batch means someone went looking hard, and each bug alone is enough for full takeover of whatever backend the router fronts. Set an explicit, random JWT secret before deploying, don't trust Host-header-based access gates at all, and upgrade past the patched releases across all three CVEs.