Description
A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-16
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection (remote)
Action: Patch Immediately
AI Analysis

Impact

A flaw in vanna‑ai vanna versions up to 2.0.2 allows an attacker to manipulate the ID argument in the remove_training_data function of src/vanna/legacy/google/bigquery_vector.py, resulting in SQL injection. This vulnerability permits execution of arbitrary SQL statements, potentially compromising data confidentiality and integrity. The associated weaknesses are listed as CWE‑74 and CWE‑89.

Affected Systems

vanna‑ai vanna, all released versions including 1.x and 2.0.2, are affected. No specific sub‑version details beyond 2.0.2 are provided.

Risk and Exploitability

The CVSS score of 6.9 indicates a Medium severity level. The EPSS score is reported as less than 1%, suggesting a low current exploitation probability. The vulnerability is not recorded in the CISA KEV catalog. Exploitation can be performed remotely through the API that accepts an external ID parameter, and published exploits are available.

Generated by OpenCVE AI on March 17, 2026 at 12:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade vanna to any version newer than 2.0.2 to remove the injection flaw
  • If upgrade is not immediately possible, restrict external access to the remove_training_data API endpoint and monitor for anomalous activity
  • Implement input validation or sanitization on the ID parameter to prevent malicious payloads
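The recommended fix pattern in code, as an added example that is not vanna's code and is not taken from the advisory: an in-memory sqlite3 table stands in for the BigQuery training-data store so the example runs offline, and the table name, column names and the function signatures are assumptions. The unsafe function reproduces the CWE-89 shape the description implies (the caller-supplied ID is pasted into the statement text); the hardened functions bind the ID as a query parameter and, as a second layer, validate its format before it reaches the database.

```python
import re
import sqlite3

# Constructed stand-in for the training-data store. The real code targets
# BigQuery; sqlite3 is used here only so the example runs offline.
# Table and column names are assumptions, not vanna's schema.
def make_store() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE training_data (id TEXT PRIMARY KEY, content TEXT)")
    conn.executemany(
        "INSERT INTO training_data VALUES (?, ?)",
        [
            ("a1b2-sql", "SELECT count(*) FROM orders"),
            ("c3d4-ddl", "CREATE TABLE orders (...)"),
            ("e5f6-doc", "Orders are recorded per customer"),
        ],
    )
    conn.commit()
    return conn


def count_rows(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT count(*) FROM training_data").fetchone()[0]


# Hypothetical vulnerable pattern, modelled on the CWE-89 description:
# the ID is interpolated into the statement text, so the database parses
# whatever the caller sent as SQL rather than as a value.
def remove_training_data_unsafe(conn: sqlite3.Connection, id: str) -> int:
    cur = conn.execute(f"DELETE FROM training_data WHERE id = '{id}'")
    conn.commit()
    return cur.rowcount


# Hardened form 1: parameter binding. The engine receives the statement and
# the value separately, so the value can never change the statement's shape.
def remove_training_data_bound(conn: sqlite3.Connection, id: str) -> int:
    cur = conn.execute("DELETE FROM training_data WHERE id = ?", (id,))
    conn.commit()
    return cur.rowcount


# Hardened form 2: validate the ID's format before it reaches the database
# (assumed format: 1-64 characters of [A-Za-z0-9_-]), then bind it.
ID_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,64}")


def remove_training_data_safe(conn: sqlite3.Connection, id: str) -> int:
    if not ID_PATTERN.fullmatch(id):
        raise ValueError("invalid training-data id")
    return remove_training_data_bound(conn, id)


def demo() -> dict:
    # Constructed input: a tautology appended to an ID, the classic CWE-89 shape.
    injected = "x' OR '1'='1"

    unsafe = make_store()
    unsafe_deleted = remove_training_data_unsafe(unsafe, injected)  # every row goes

    bound = make_store()
    bound_deleted = remove_training_data_bound(bound, injected)  # matches nothing

    safe = make_store()
    try:
        remove_training_data_safe(safe, injected)
        safe_rejected = False
    except ValueError:
        safe_rejected = True
    safe_deleted_one = remove_training_data_safe(safe, "a1b2-sql")

    return {
        "unsafe_deleted": unsafe_deleted,
        "bound_deleted": bound_deleted,
        "bound_remaining": count_rows(bound),
        "safe_rejected": safe_rejected,
        "safe_deleted_one": safe_deleted_one,
        "safe_remaining": count_rows(safe),
    }


if __name__ == "__main__":
    print(demo())
```

With the unsafe builder the injected ID empties the table; with binding the same string is compared literally and matches nothing, and with validation it is rejected before any query runs. On BigQuery the equivalent of the `?` placeholder is a named parameter such as `@id` in the query text, supplied through `google.cloud.bigquery.QueryJobConfig(query_parameters=[bigquery.ScalarQueryParameter("id", "STRING", value)])`; the validation layer is independent of the database client.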

Advisories

Source: Github GHSA
ID: GHSA-6mj8-jmp2-g8q7
Title: Vanna has a SQL injection in the remove_training_data function
History

Tue, 17 Mar 2026 10:00:00 +0000

First Time appeared (values added): Vanna-ai; Vanna-ai vanna
Vendors & Products (values added): Vanna-ai; Vanna-ai vanna

Mon, 16 Mar 2026 17:15:00 +0000

Metrics (values added): ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Mar 2026 08:45:00 +0000

Description (values added): A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title (values added): vanna-ai vanna bigquery_vector.py remove_training_data sql injection
Weaknesses (values added): CWE-74; CWE-89
References (values added):
Metrics (values added):
cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-16T16:35:33.466Z

Reserved: 2026-03-15T18:45:03.703Z

Link: CVE-2026-4229

Vulnrichment

Updated: 2026-03-16T16:35:27.891Z

NVD

Status: Awaiting Analysis

Published: 2026-03-16T14:20:16.277

Modified: 2026-03-16T14:53:07.390

Link: CVE-2026-4229

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:45:21Z

Weaknesses