CVE-2026-6977 | vanna-ai vanna up to 2.0.2 Legacy Flask API improper authorization

Inserito da Angelo Barbosa | Apr 24, 2026 | CVE

A vulnerability classified as critical has been found in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization.

This vulnerability is traded as CVE-2026-6977. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6977 | vanna-ai vanna up to 2.0.2 Legacy Flask API improper authorization

Post correlati

CVE-2026-27625 | Stirling-Tools Stirling-PDF up to 2.5.1 PDF File Parser pdf path traversal

CVE-2024-41967 | WAGO CC100 0751-9×01 Firmware Upgrade missing authentication (VDE-2024-047)

CVE-2024-10928 | MonoCMS up to 20240528 Posts Page /monofiles/opensaved.php filtcategory/filtstatus cross site scripting

CVE-2025-15414 | go-sonic up to 1.1.4 Theme Fetching API git_fetcher.go FetchTheme uri server-side request forgery