A vulnerability was found in ItzCrazyKns Vane up to 1.12.1. It has been classified as critical. It affects unspecified code in the file src/app/api/providers/route.ts of the component Model Provider API. Manipulating the argument baseURL leads to server-side request forgery.

This vulnerability is registered as CVE-2026-9372. The attack can be launched remotely. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.
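
A server-side check of the kind that mitigates this class of bug, validating a user-supplied baseURL before the server requests it. This is an added example, not code from the Vane repository: the function names, the operator allowlist and the policy of rejecting internal address ranges are assumptions, and the caller is assumed to pass in the addresses the hostname resolved to.

```typescript
// Added example; names are hypothetical and this is not code from the Vane repository.
// True when an IP literal lies in a range a server-side fetch should not reach.
function isInternalAddress(ip: string): boolean {
  const v4 = ip.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (v4) {
    const a = Number(v4[1]), b = Number(v4[2]);
    return (
      a === 0 || a === 10 || a === 127 ||        // "this" network, RFC 1918, loopback
      (a === 100 && b >= 64 && b <= 127) ||      // carrier-grade NAT 100.64.0.0/10
      (a === 169 && b === 254) ||                // link-local, incl. cloud metadata
      (a === 172 && b >= 16 && b <= 31) ||       // RFC 1918
      (a === 192 && b === 168) ||                // RFC 1918
      a >= 224                                   // multicast and reserved
    );
  }
  const v6 = ip.toLowerCase();
  return (
    v6 === "::" || v6 === "::1" ||               // unspecified, loopback
    v6.startsWith("::ffff:") ||                  // IPv4-mapped: reject rather than unwrap
    /^f[cd]/.test(v6) ||                         // unique local fc00::/7
    /^fe[89ab]/.test(v6)                         // link-local fe80::/10
  );
}

// Returns null when baseURL may be fetched, otherwise the reason for rejecting it.
// resolved: IP addresses the caller obtained for the hostname (unused for IP literals).
// allowedHosts: host[:port] values the operator explicitly permits (assumed policy).
function checkBaseUrl(
  raw: string,
  resolved: string[],
  allowedHosts: Set<string> = new Set<string>(),
): string | null {
  let url: URL;
  try { url = new URL(raw); } catch { return "not a valid URL"; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return "scheme not allowed";
  if (url.username || url.password) return "credentials in URL not allowed";
  if (allowedHosts.has(url.host)) return null;
  // The URL parser has already normalised forms such as 2130706433 or 0x7f.1.
  const host = url.hostname.replace(/^\[|\]$/g, "");
  const isLiteral = /^[\d.]+$/.test(host) || host.includes(":");
  const candidates = isLiteral ? [host] : resolved;
  if (candidates.length === 0) return "host did not resolve";
  const bad = candidates.find(isInternalAddress);
  return bad ? `resolves to internal address ${bad}` : null;
}
```

The check only holds if the request then connects to one of the addresses that were validated and redirects are either disabled or passed through the same function.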