CVE-2026-4231 | vanna-ai vanna up to 2.0.2 Endpoint init.py update_sql/run_sql server-side request forgery

March 15, 2026 Yanac

A vulnerability was found in vanna-ai vanna up to 2.0.2. It has been classified as critical. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Performing a manipulation results in server-side request forgery.

This vulnerability was named CVE-2026-4231. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More