Submit #795330: Vanna AI Vanna 2.0.2 Direct SQL Injection via Legacy Flask API in Vannainfo

TitleVanna AI Vanna 2.0.2 Direct SQL Injection via Legacy Flask API in Vanna
DescriptionVanna <= 2.0.2 contains a direct SQL injection vulnerability in its legacy Flask API. The `/api/v0/update_sql` endpoint allows an unauthenticated attacker to store arbitrary SQL statements in the server-side cache, and the `/api/v0/run_sql` endpoint retrieves and executes them directly against the connected database without any validation or parameterization. Combined with the default `NoAuth()` authentication (which requires no credentials), this creates a complete unauthenticated remote SQL injection chain that does not depend on LLM behavior.
Source⚠️ https://github.com/yidaozhongqing/York/issues/1
User
 York Shen (UID 97025)
Submission04/02/2026 09:30 (25 days ago)
Moderation04/24/2026 20:47 (22 days later)
StatusDuplicate
VulDB entry351153 [vanna-ai vanna up to 2.0.2 Endpoint __init__.py update_sql sql injection]
Points0

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!