PT-2026-42932 · Itzcrazykns · Vane
Yu-Bao
·
Published
2026-05-24
·
Updated
2026-05-24
·
CVE-2026-9371
CVSS v3.1
5.6
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
ItzCrazyKns Vane versions prior to 1.12.2
Description
An issue exists in the API component within the
route.ts file where unknown functionality allows for missing authentication. This flaw enables a remote attacker to bypass authentication mechanisms, although the attack complexity is high and exploitation is considered difficult.Recommendations
Update to version 1.12.2 or later.
As a temporary mitigation, restrict access to the API component's
route.ts file to minimize the risk of unauthorized access.Exploit
Fix
Improper Authentication
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Vane