The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.