CVE-2026-5321 | vanna-ai vanna up to 2.0.2 FastAPI/Flask Server cross-domain policy

Inserito da Angelo Barbosa | Apr 1, 2026 | CVE

A vulnerability was found in vanna-ai vanna up to 2.0.2 and classified as critical. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains.

This vulnerability is tracked as CVE-2026-5321. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5321 | vanna-ai vanna up to 2.0.2 FastAPI/Flask Server cross-domain policy

Post correlati

CVE-2024-35746 | Asghar Hatampoor BuddyPress Cover Plugin up to 2.1.4.2 on WordPress unrestricted upload

CVE-2025-7726 | Dream-Theme The7 Plugin up to 12.6.0 on WordPress jQuery.attr title/data-dt-img-description cross site scripting

CVE-2024-2924 | Creative Addons for Elementor Plugin up to 1.5.12 on WordPress cross site scripting

CVE-2024-39848 | Internet2 Grouper/Grouper for Web Services LDAP Authentication improper authentication