Product
A server-side request forgery (SSRF) vulnerability, identified as CVE-2026-9372, exists in ItzCrazyKns Vane up to version 1.12.1, allowing a remote attacker to manipulate the baseURL argument in the Model Provider API component and potentially conduct internal reconnaissance or access sensitive data.