CVE-2026-9372 in Vane信息

摘要

由 MITRE • 2026-05-24

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

负责

VulDB

披露

2026-05-24

管理

已接受

条目

VDB-365336

CPE

准备好

CWE

CWE-918 (已确认)

利用

下载

CVSS

7.3 (VulDB)

EPSS

0.00053

KEV

否

活动

非常低

来源

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-9372
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-9372
CVE Details	https://www.cvedetails.com/cve/CVE-2026-9372/

◂ 上一步一览下一步 ▸

Interested in the pricing of exploits?

See the underground prices here!