CVE-2026-9371
MEDIUMItzCrazyKns Vane API route.ts missing authentication
Title source: cnaDescription
A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been disclosed publicly and may be used. It appears that basic authentication is planned.
References (7)
Core 7
Core References
Third Party Advisory third-party-advisory
Submit #813209 | ItzCrazyKns Vane 1.12.1 API Key Exposure
https://vuldb.com/submit/813209
Vdb Entry vdb-entry
VDB-365334 | ItzCrazyKns Vane API route.ts missing authentication
https://vuldb.com/vuln/365334
Signature, Permissions Required signature
permissions-required
VDB-365334 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/365334/cti
Third Party Advisory third-party-advisory
Submit #813210 | ItzCrazyKns Vane 1.12.1 Missing Authentication for Critical Function (Duplicate)
https://vuldb.com/submit/813210
Issue Tracking issue-tracking
https://github.com/ItzCrazyKns/Vane/issues/1122
Exploit exploit
issue-tracking
https://github.com/ItzCrazyKns/Vane/issues/1123
Product product
https://github.com/ItzCrazyKns/Vane/
Scores
CVSS v3
5.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R
Details
CWE
CWE-287
CWE-306
Status
published
Products (2)
ItzCrazyKns/Vane
1.12.0
ItzCrazyKns/Vane
1.12.1
Published
May 24, 2026
Tracked Since
May 24, 2026