Keygraph Shannon contains a hard-coded API key in its router configuration that allows network attackers to authenticate using a publicly known static key. When the router component is enabled and exposed, attackers can proxy requests through the Shannon instance using victim's configured upstream provider API credentials. This results in unauthorized API usage and potential disclosure of proxied request and response data. The vulnerability allows attackers to reach the router port and exploit the authentication bypass. The issue has been mitigated with commit 023cc95.