CVE-2026-9372

ItzCrazyKns Vane Model Provider API route.ts server-side request forgery

CVSS 6.9 MEDIUMEPSS 0.3%CWE-918

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

ItzCrazyKns · Vane

PoCs públicas encontradas — 1

cve_referencegithub.com/ItzCrazyKns/Vane/issues/1124no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/ItzCrazyKns/Vane/https://github.com/ItzCrazyKns/Vane/issues/1124 https://vuldb.com/submit/813211 https://vuldb.com/vuln/365336 https://vuldb.com/vuln/365336/cti