CVE-2026-9372 ItzCrazyKns CVE debrief

Who should care

Organizations running ItzCrazyKns Vane versions up to 1.12.1, particularly those exposing the Model Provider API to untrusted networks. Security teams responsible for AI/ML infrastructure and application security engineers managing self-hosted language model frontends.

Technical summary

The vulnerability resides in the route.ts file handling Model Provider API requests. Insufficient validation of the baseURL parameter enables attackers to supply arbitrary URLs, causing the server to issue requests to unintended destinations. This can facilitate internal network reconnaissance, access to cloud metadata services, or interaction with internal APIs. The attack requires no authentication and can be executed remotely with low complexity.

Defensive priority

medium

Recommended defensive actions

• Review and restrict outbound network connectivity from Vane application servers to limit SSRF blast radius
• Implement strict allowlist validation for baseURL parameter in src/app/api/providers/route.ts, permitting only trusted model provider endpoints
• Deploy input sanitization to reject URLs containing private IP ranges, localhost references, and internal DNS names
• Monitor application logs for anomalous outbound requests originating from the Model Provider API component
• Consider network segmentation to isolate Vane instances from sensitive internal infrastructure
• Await official patch from ItzCrazyKns/Vane project; monitor GitHub issue 1124 for maintainer response

Evidence notes

Vulnerability confirmed through Vuldb submission 813211 and assigned CVE-2026-9372. GitHub issue 1124 documents pre-disclosure contact attempt. NVD status marked as Deferred as of 2026-05-26. CVSS 4.0 vector provided by Vuldb. No CISA KEV listing present.

Official resources