CVE-2026-9371

Source
https://cve.org/CVERecord?id=CVE-2026-9371
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9371.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-9371
Published
2026-05-24T09:45:12.809Z
Modified
2026-07-08T08:12:01.319303954Z
Severity
  • 2.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
ItzCrazyKns Vane API route.ts missing authentication
Details

A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been disclosed publicly and may be used. It appears that basic authentication is planned.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/9xxx/CVE-2026-9371.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-287",
        "CWE-306"
    ]
}
References

Affected packages

Git / github.com/itzcrazykns/vane

Affected ranges

Type
GIT
Repo
https://github.com/itzcrazykns/vane
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "1.12.0"
        },
        {
            "last_affected": "1.12.0"
        },
        {
            "introduced": "1.12.1"
        },
        {
            "last_affected": "1.12.1"
        }
    ]
}

Affected versions

1.*
1.12.0
1.12.1
v1.*
v1.12.0
v1.12.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9371.json"