CVE-2026-9371
5.6 MEDIUM
A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1
Published: 2026-05-24 · Last updated: 2026-05-26
Severity and scoring
- CVSS: 5.6 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
- CWE: CWE-287, CWE-306
Description
A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been disclosed publicly and may be used. It appears that basic authentication is planned.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-9371
- [Other] https://github.com/ItzCrazyKns/Vane/
- [Other] https://github.com/ItzCrazyKns/Vane/issues/1122
- [Other] https://github.com/ItzCrazyKns/Vane/issues/1123
- [Other] https://vuldb.com/submit/813209
- [Other] https://vuldb.com/submit/813210
- [Other] https://vuldb.com/vuln/365334
- [Other] https://vuldb.com/vuln/365334/cti
Related CVEs
Same CWE
- CVE-2026-48780 — Forem is open source software for building communities (8.2 HIGH)
- CVE-2026-0647 — An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server
- CVE-2026-48114 — Metacat is data repository software that helps researchers preserve, share, and discover data (9.8 CRITICAL)
- CVE-2018-25437 — WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download... (7.5 HIGH)
- CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)