A Server-Side Request Forgery (SSRF) vulnerability has been identified in vanna-ai/vanna, specifically when utilizing DuckDB as the database backend. This flaw allows attackers to craft malicious SQL queries that leverage DuckDB's functionalities, such as readcsv, readcsvauto, readtext, and read_blob, to initiate unauthorized requests to both internal and external resources. The vulnerability impacts all versions of vanna-ai/vanna up to the latest release, and a patch is expected to address this issue.
The SSRF vulnerability in vanna-ai/vanna poses a significant risk because it enables attackers to bypass security controls and access resources that should be protected. By crafting specific SQL queries, an attacker can manipulate DuckDB into making requests to internal services, external APIs, or even arbitrary URLs. This could lead to the exfiltration of sensitive data stored within the system, unauthorized access to internal network resources, and potentially, the launching of further attacks against other systems. The ability to read arbitrary files via read_csv and related functions expands the potential attack surface considerably, allowing attackers to potentially read configuration files or other sensitive data.
CVE-2024-8099 was publicly disclosed on 2025-03-20. The vulnerability's severity is rated HIGH (CVSS 8.3). Currently, there are no known public proof-of-concept exploits available. It is not listed on the CISA KEV catalog at the time of writing. The ease of exploitation depends on the configuration of the DuckDB instance and the network environment.
Exploit Status
EPSS
0.09% (26% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-8099 is to upgrade to a patched version of vanna-ai/vanna as soon as it becomes available. Until a patch is released, consider implementing temporary workarounds to limit the impact of the vulnerability. These workarounds may include restricting network access for the DuckDB instance, implementing strict input validation on SQL queries to prevent malicious commands, and utilizing a Web Application Firewall (WAF) to filter out suspicious requests. Monitor DuckDB logs for unusual activity, particularly requests to unexpected URLs. After upgrading, verify the fix by attempting to trigger the SSRF vulnerability with a known malicious query and confirming that the request is blocked or fails.
Update the vanna-ai/vanna library to the latest available version. This should include the fix for the SSRF vulnerability. Verify the release notes to confirm that the vulnerability has been addressed.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-8099 is a Server-Side Request Forgery vulnerability in vanna-ai/vanna that allows attackers to make unauthorized requests through DuckDB's read_csv functions, potentially accessing sensitive data.
If you are using vanna-ai/vanna with DuckDB as the database and have not upgraded to a patched version, you are potentially affected by this SSRF vulnerability.
The recommended fix is to upgrade to a patched version of vanna-ai/vanna as soon as it becomes available. Until then, implement workarounds like restricting network access and input validation.
As of the current disclosure date, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants immediate attention and mitigation.
Refer to the official vanna-ai project repository and security advisories for updates and the latest information regarding CVE-2024-8099.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.