Platform: python
Component: vanna-ai/vanna
Fixed in: 2.0.1, 2.0.2, 2.0.3
CVE-2026-5320 describes a missing authentication vulnerability discovered in vanna-ai vanna versions 2.0.0 through 2.0.2. This flaw allows attackers to manipulate the /api/vanna/v2/ endpoint without proper authentication, potentially granting unauthorized access to sensitive data or functionality. The vulnerability is remotely exploitable and a public exploit is now available. While a fix is pending, mitigation strategies can be implemented to reduce the risk.
The primary impact of CVE-2026-5320 is unauthorized access to the vanna-ai vanna Chat API Endpoint. An attacker exploiting this vulnerability could potentially retrieve sensitive information processed by the application, modify data, or even execute arbitrary code depending on the underlying functionality exposed by the API. Given the lack of authentication, the blast radius extends to any data or operations accessible through this endpoint. The availability of a public exploit significantly increases the likelihood of exploitation, particularly if the affected versions remain unpatched. This vulnerability shares similarities with other API authentication bypasses, where a lack of proper access controls allows attackers to circumvent security measures.
CVE-2026-5320 is currently considered a high-risk vulnerability due to the public availability of an exploit. The vulnerability was disclosed on 2026-04-02. The vendor, vanna-ai, was contacted but did not respond. The presence of a public exploit suggests a higher probability of exploitation, and organizations should prioritize patching or implementing mitigations. It is not currently listed on CISA KEV, but its severity and public exploit warrant close monitoring.
Exploit Status
EPSS: 0.10% (27th percentile)
CISA SSVC
CVSS Vector
The immediate mitigation for CVE-2026-5320 is to upgrade to a patched version of vanna-ai vanna as soon as it becomes available. Until a patch is released, restrict access to the /api/vanna/v2/ endpoint using a Web Application Firewall (WAF) or proxy server. Implement strict access control lists (ACLs) to limit access to authorized users and systems only. Consider temporarily disabling the endpoint if it is not critical to operations. Monitor logs for suspicious activity related to the API endpoint, looking for unauthorized requests or unusual patterns. A rollback to a previous, unaffected version is not recommended unless absolutely necessary due to potential instability.
Update the vanna-ai/vanna library to a version later than 2.0.2. This will resolve the missing authentication in the Chat API Endpoint v2.
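The mitigation guidance above asks operators to put an ACL in front of the /api/vanna/v2/ endpoint and to watch the logs for unauthenticated requests or unusual patterns. The script below is an added example of that log review, not code from the advisory or from the vanna project. It assumes the reverse proxy in front of vanna writes one JSON object per line with the keys "ts", "src", "method", "path", "status" and "auth" (true when the request carried an Authorization header); the sample lines, the ALLOWED_NETS ACL and the burst threshold are constructed for the example.

```python
"""Triage proxy access logs for requests to the vanna Chat API v2 endpoint
(/api/vanna/v2/) that arrived without credentials or from outside the ACL.

Assumptions (example code, not part of the advisory or the vanna project):
- one JSON object per log line with keys ts, src, method, path, status, auth;
- "auth" is true when the request carried an Authorization header;
- ALLOWED_NETS is the operator's ACL of networks permitted to reach the API.
"""
import ipaddress
import json
from collections import Counter

ENDPOINT_PREFIX = "/api/vanna/v2/"

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
{"ts": "2026-04-03T10:00:01Z", "src": "10.0.5.12", "method": "POST", "path": "/api/vanna/v2/chat", "status": 200, "auth": true}
{"ts": "2026-04-03T10:00:07Z", "src": "203.0.113.44", "method": "POST", "path": "/api/vanna/v2/chat", "status": 200, "auth": false}
{"ts": "2026-04-03T10:00:09Z", "src": "203.0.113.44", "method": "POST", "path": "/api/vanna/v2/chat", "status": 200, "auth": false}
{"ts": "2026-04-03T10:00:11Z", "src": "203.0.113.44", "method": "GET", "path": "/api/vanna/v2/conversations", "status": 200, "auth": false}
{"ts": "2026-04-03T10:00:15Z", "src": "10.0.5.12", "method": "GET", "path": "/static/app.js", "status": 200, "auth": false}
{"ts": "2026-04-03T10:00:20Z", "src": "10.0.7.3", "method": "POST", "path": "/api/vanna/v2/chat", "status": 200, "auth": false}
not json at all
"""

# Assumed ACL: only the internal 10.0.0.0/8 range may reach the API.
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_lines(text):
    """Yield parsed records, skipping blank or non-JSON lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and "path" in rec and "src" in rec:
            yield rec


def in_allowlist(src, nets=ALLOWED_NETS):
    """True when src parses as an IP address inside one of the ACL networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in nets)


def triage(text, nets=ALLOWED_NETS, burst_threshold=3):
    """Return (findings, bursts) for requests under ENDPOINT_PREFIX.

    A request is flagged when it has no Authorization header or comes from
    outside the ACL. Sources hitting the endpoint burst_threshold or more
    times are reported separately as a volume anomaly.
    """
    findings = []
    hits_per_src = Counter()
    for rec in parse_lines(text):
        if not rec["path"].startswith(ENDPOINT_PREFIX):
            continue
        hits_per_src[rec["src"]] += 1
        reasons = []
        if not rec.get("auth", False):
            reasons.append("no-auth-header")
        if not in_allowlist(rec["src"], nets):
            reasons.append("outside-acl")
        if reasons:
            findings.append({
                "ts": rec.get("ts"),
                "src": rec["src"],
                "path": rec["path"],
                "status": rec.get("status"),
                "reasons": reasons,
            })
    bursts = {src: n for src, n in hits_per_src.items() if n >= burst_threshold}
    return findings, bursts


if __name__ == "__main__":
    found, bursty = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['ts']} {f['src']} {f['path']} status={f['status']} {','.join(f['reasons'])}")
    for src, n in bursty.items():
        print(f"burst: {src} hit the endpoint {n} times")
```

With the constructed sample, the authenticated internal request and the static asset request are left alone; the three external unauthenticated requests are flagged on both counts and the same source is also reported as a burst, while the internal request without credentials is flagged only for the missing header. Status codes are carried through because, for this vulnerability, a 200 on an unauthenticated request is the signal worth escalating.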
CVE-2026-5320 is a HIGH severity vulnerability in vanna-ai vanna versions 2.0.0–2.0.2 that allows attackers to bypass authentication and access the /api/vanna/v2/ endpoint remotely.
If you are using vanna-ai vanna versions 2.0.0 through 2.0.2 and expose the /api/vanna/v2/ endpoint, you are potentially affected by this vulnerability.
Upgrade to a patched version of vanna-ai vanna as soon as it becomes available. Until then, restrict access to the /api/vanna/v2/ endpoint using a WAF or ACLs.
Yes, a public exploit for CVE-2026-5320 is available, increasing the likelihood of active exploitation.
Please refer to the vanna-ai website or their official communication channels for the advisory regarding CVE-2026-5320.