A vulnerability was found in ItzCrazyKns Vane up to 1.12.1 . It has been classified as critical . This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API . This manipulation of the argument baseURL causes server-side request forgery. This vulnerability is registered as CVE-2026-9372 . Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue rep