What is GHSA-wp4r-2xxm-f94x?

GHSA-wp4r-2xxm-f94x is a security advisory published by GitHub Security Advisories with Low severity. A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this...

Which CVE IDs does GHSA-wp4r-2xxm-f94x cover?

GHSA-wp4r-2xxm-f94x covers the following CVE IDs: CVE-2026-9371. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-wp4r-2xxm-f94x?

GHSA-wp4r-2xxm-f94x has a CVSS v3 base score of 5.6, published by GitHub Security Advisories.

GHSA-wp4r-2xxm-f94xLowCVSS 5.6

A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2026-9371 →

📋 Description

A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been disclosed publicly and may be used. It appears that basic authentication is planned.

🔗 References (9)

https://nvd.nist.gov/vuln/detail/CVE-2026-9371
https://github.com/ItzCrazyKns/Vane/issues/1122
https://github.com/ItzCrazyKns/Vane/issues/1123
https://github.com/ItzCrazyKns/Vane
https://vuldb.com/submit/813209
https://vuldb.com/submit/813210
https://vuldb.com/vuln/365334
https://vuldb.com/vuln/365334/cti
https://github.com/advisories/GHSA-wp4r-2xxm-f94x