Nasty but I was expecting a remote unauthenticated attack at 9.9. Hopefully you don't allow admin on WAN!
Thanks for finding the bugs and writing about the design pattern problem, HackerAsk.
Are you not using LLMs as part of your toolkit in 2026?