Plateforme
python
Composant
vanna-ai/vanna
Corrigé dans
2.0.1
2.0.2
2.0.3
CVE-2026-4231 describes a server-side request forgery (SSRF) vulnerability discovered in vanna-ai vanna versions 2.0.0 through 2.0.2. This flaw allows attackers to manipulate the application to make requests to unintended internal or external resources, potentially leading to data exposure or further exploitation. The vulnerability resides within the updatesql/runsql function of the src/vanna/legacy/flask/init.py file. A public exploit is available, increasing the risk of immediate exploitation.
The SSRF vulnerability in vanna-ai vanna allows an attacker to craft malicious requests that the application will then execute on behalf of the server. This can lead to several severe consequences. An attacker could potentially access sensitive internal resources that are not directly exposed to the internet, such as configuration files, database credentials, or internal APIs. They might also be able to scan internal networks for other vulnerable services or launch attacks against them. Given the public availability of an exploit, the blast radius is significant, and rapid exploitation is likely. The lack of vendor response further exacerbates the risk.
CVE-2026-4231 has been publicly disclosed, and a proof-of-concept exploit is available, indicating a high probability of exploitation. The vulnerability was reported on 2026-03-16. The lack of response from the vendor raises concerns about the timeliness of a patch and increases the risk of widespread exploitation. The vulnerability is not currently listed on CISA KEV, but its public nature and ease of exploitation warrant close monitoring.
Organizations deploying vanna-ai vanna in environments with internal resources accessible via HTTP or HTTPS are at significant risk. This includes development environments, staging servers, and production deployments. Shared hosting environments where multiple users share the same vanna-ai vanna instance are particularly vulnerable, as a compromise of one user's account could potentially lead to the compromise of the entire system.
• python / server:
journalctl -u vanna -f | grep -i "server-side request forgery"• generic web:
curl -I http://your-vanna-instance/update_sql/run_sql?url=http://internal-resource | grep "Internal Server Error"disclosure
Statut de l'Exploit
EPSS
0.05% (percentile 15%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2026-4231 is to upgrade to a patched version of vanna-ai vanna as soon as it becomes available. Until a patch is released, implement temporary workarounds to reduce the attack surface. A Web Application Firewall (WAF) can be configured to block suspicious requests that attempt to access internal resources. Specifically, WAF rules should be implemented to filter requests based on the target URL, restricting access to known internal IP addresses or domains. Additionally, input validation and sanitization on the updatesql/runsql function can help prevent malicious URLs from being processed. Monitor application logs for unusual outbound requests.
Mettez à jour la bibliothèque vanna vers une version ultérieure à 2.0.2. Cela corrigera la vulnérabilité de Server-Side Request Forgery (SSRF) dans la fonction update_sql/run_sql.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2026-4231 is a server-side request forgery (SSRF) vulnerability affecting vanna-ai vanna versions 2.0.0–2.0.2, allowing attackers to make requests on behalf of the server.
If you are using vanna-ai vanna versions 2.0.0 through 2.0.2, you are potentially affected by this vulnerability. Upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of vanna-ai vanna. Until a patch is available, implement WAF rules and input validation as temporary mitigations.
A public exploit exists, indicating a high probability of active exploitation. Monitor your systems closely.
Due to lack of vendor response, an official advisory may not be available. Monitor vanna-ai's website and security mailing lists for updates.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier requirements.txt et nous te dirons instantanément si tu es affecté.