CVE-2026-5320
Received Received - Intake
Authentication Bypass in vanna-ai Chat API Endpoint (/api/vanna/v

Publication date: 2026-04-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-29
Generated
2026-05-06
AI Q&A
2026-04-02
EPSS Evaluated
2026-05-05
NVD
CVE-2026-5320
EUVD
EUVD-2026-18120
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
vanna-ai vanna to 2.0.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-5320 is a vulnerability in Vanna AI versions up to 2.0.2 affecting the Chat API Endpoint, specifically the /api/vanna/v2/ routes. The issue is a missing authentication mechanism at the HTTP layer, meaning these API endpoints accept requests from any client without requiring authorization headers, API keys, session tokens, or any form of authentication.

This vulnerability arises because the route registration functions do not include authentication middleware, allowing unauthenticated requests to be processed immediately. The user resolution happens later downstream and is insecure, often returning hardcoded demo users without validation.

As a result, any attacker with network access can send unauthenticated requests to these endpoints and receive successful responses with full data, enabling arbitrary natural language queries against the connected database if configured with a real large language model and database backend.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability allows unauthenticated access to critical API endpoints, enabling attackers to execute arbitrary natural language queries against connected databases without any authentication or access control.

This lack of authentication and access control can lead to unauthorized data access, absence of audit trails, and inability to attribute queries to specific users, which are significant compliance issues under standards like GDPR and HIPAA that require strict access controls, user authentication, and auditability.

Therefore, this vulnerability negatively impacts compliance with common data protection regulations by exposing sensitive data to unauthorized parties and failing to enforce necessary security controls.


How can this vulnerability impact me? :

This vulnerability can have several significant impacts:

  • Unauthenticated database access via natural language queries, potentially exposing sensitive data.
  • Lack of access control, making it impossible to distinguish legitimate users from attackers.
  • No audit trail or attribution of queries to specific users, complicating incident response and accountability.
  • Potential resource abuse, including unauthorized consumption of large language model API tokens and database resources.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the vulnerable API endpoints for missing authentication. Specifically, sending unauthenticated HTTP POST requests to endpoints such as /api/vanna/v2/chat_poll, /api/vanna/v2/chat_sse, and /api/vanna/v2/chat_websocket and observing if they return successful responses indicates the presence of the vulnerability.

You can use commands like curl to test these endpoints without any Authorization headers. For example:

  • curl -X POST http://<target-host>/api/vanna/v2/chat_poll -d '{"query":"test"}' -H 'Content-Type: application/json'
  • curl -X POST http://<target-host>/api/vanna/v2/chat_sse -d '{"query":"test"}' -H 'Content-Type: application/json'
  • curl -X POST http://<target-host>/api/vanna/v2/chat_websocket -d '{"query":"test"}' -H 'Content-Type: application/json'

If these requests succeed and return data without requiring any authentication token or header, the system is vulnerable.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to implement authentication middleware at the HTTP layer for the vulnerable API endpoints.

For example, if using FastAPI, add an HTTPBearer security scheme with a token verification dependency that validates JWT tokens before processing requests to endpoints like /api/vanna/v2/chat_poll.

This will ensure that only requests with valid authentication tokens are processed, preventing unauthenticated access.

Until an official patch or update is released by the vendor, consider restricting network access to these endpoints using firewall rules or network segmentation to limit exposure.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart