CVE-2026-5320 | vanna-ai vanna up to 2.0.2 Chat API Endpoint /api/vanna/v2/ missing authentication

Inserito da Angelo Barbosa | Apr 1, 2026 | CVE

A vulnerability has been found in vanna-ai vanna up to 2.0.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication.

This vulnerability is identified as CVE-2026-5320. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5320 | vanna-ai vanna up to 2.0.2 Chat API Endpoint /api/vanna/v2/ missing authentication

Post correlati

CVE-2024-1403 | Progress OpenEdge up to 11.7.18/12.2.13/12.8.0 authentication bypass

CVE-2026-3793 | SourceCodester Sales and Inventory System 1.0 GET Parameter sales_invoice1.php sellid sql injection

CVE-2024-22722 | Form Tools 3.1.1 Template Group Name injection

CVE-2025-14406 | Soda PDF Desktop uncontrolled search path (ZDI-25-1079)