CVE-2026-9372
HighSummary
A flaw has been found in ItzCrazyKns Vane up to 1.12.1, affecting unknown code in the file src/app/api/providers/route.ts of the Model Provider API component. Manipulation of the argument baseURL leads to server-side request forgery.
Risk Assessment
The possibility of remote exploitation poses a serious risk to server security, potentially leading to unauthorized access to internal systems.
Recommendation
It is recommended to update to the latest version of ItzCrazyKns Vane to mitigate this vulnerability and to monitor systems for potential attacks.
Original NVD description (English source)
A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

