CVE-2026-9372 | ItzCrazyKns Vane up to 1.12.1 Model Provider API route.ts baseURL server-side request forgery (Issue 1124)

A vulnerability was found in ItzCrazyKns Vane up to 1.12.1. It has been classified as critical. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery.

This vulnerability is registered as CVE-2026-9372. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More