vanna-ai vanna Chat API Endpoint v2 missing authentication

Description

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products

Vendor	Product	Versions
vanna-ai	vanna	2.0.0, 2.0.1, 2.0.2

References

https://vuldb.com/vuln/354652(vdb-entry)
https://vuldb.com/vuln/354652/cti(signature, permissions-required)
https://vuldb.com/submit/780727(third-party-advisory)
https://github.com/August829/CVEP/issues/13(exploit, issue-tracking)

CVSS 3.17.3 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

CWECWE-306, CWE-287

PublishedApr 2, 2026

Last enriched1h ago

Trending Score0

Source articles0

Independent0

Info Completeness0/14

Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

vanna-ai vanna Chat API Endpoint v2 missing authentication

Description

Affected Products

References

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline