
4 matches found

EUVD
added 2026/03/16 3:30 p.m. | 2 views

EUVD-2026-12375

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...

CVSS 6.5 | AI score 5.5 | EPSS 0.00039
Exploits: 0 | References: 5
Snyk
added 2026/03/16 10:47 a.m. | 2 views

SQL Injection

Overview: vanna is a package that generates SQL queries from natural language. Affected versions of this package are vulnerable to SQL Injection via the updatesql function. An attacker can execute arbitrary SQL commands by supplying crafted input remotely. Remediation: There is no fixed version for vanna...

CVSS 6.5 | AI score 7 | EPSS 0.00039
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/16 8:32 a.m. | 2 views

CVE-2026-4230 vanna-ai vanna Endpoint __init__.py update_sql sql injection

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...

CVSS 6.5 | AI score 5.5 | EPSS 0.00039
Exploits: 0 | References: 4
CNNVD
added 2026/03/16 12:0 a.m. | 3 views

Vanna Code Issue Vulnerability

Vanna is a personalized AI SQL proxy from Vanna Inc. Versions of Vanna 2.0.2 and earlier contained a code vulnerability. This vulnerability stemmed from improper handling of the updatesql/runsql functions in the file src/vanna/legacy/flask/init.py of the component Endpoint. It could lead to...

CVSS 7.5 | AI score 7.2 | EPSS 0.00057
Exploits: 0 | References: 4