Executive Summary

CVE-2026-6977 is a security vulnerability in the legacy Flask API component of the Vanna AI product, version 2.0.2. The root cause is that the API defaults to using a NoAuth() authentication backend, which disables authentication by accepting all requests without credentials.

This means that over 20 critical API endpoints are exposed to unauthenticated remote access, allowing attackers to interact with the system without any login or verification.

The NoAuth class overrides authentication methods to always return successful login status, effectively bypassing any security checks.

• Endpoints exposed include those for executing and modifying SQL, managing training data, creating and deleting functions, retrieving sensitive configuration and user data, triggering costly large language model operations, and downloading query results.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows unauthenticated attackers to gain full database access and execute arbitrary SQL commands, which can lead to data manipulation or destruction.

Attackers can exfiltrate sensitive data by downloading query results without authorization.

They can poison or delete training data, potentially corrupting the AI model's behavior.

Attackers can abuse costly large language model operations, causing resource exhaustion or financial costs.

Internal server configuration and sensitive user data can be exposed, increasing the risk of further attacks.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the legacy Flask API endpoints under /api/v0/* are accessible without authentication. Specifically, unauthenticated requests to endpoints such as /api/v0/get_config or /api/v0/get_question_history returning sensitive data indicate the presence of the vulnerability.

You can use commands like curl to test access to these endpoints without credentials. For example:

• curl -X GET http://<target-host>/api/v0/get_config
• curl -X GET http://<target-host>/api/v0/get_question_history

If these commands return data without requiring authentication, the system is vulnerable.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation involves disabling the default NoAuth() authentication backend in the legacy Flask API component. The application should be configured to require explicit authentication for all API endpoints.

Specifically, the constructor of the VannaFlaskApp class should be changed to either raise an error if no authentication backend is provided or at least log a prominent security warning if NoAuth() is used.

Until a proper authentication mechanism is implemented, restrict network access to the vulnerable API endpoints to trusted users only, for example by firewall rules or network segmentation.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows unauthenticated remote attackers to access and manipulate critical API endpoints, leading to unauthorized data access, data exfiltration, and data poisoning.

Such unauthorized access and potential data breaches can result in non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls on access to personal and sensitive data.

Specifically, the exposure of sensitive configuration, user data, and the ability to execute arbitrary SQL or download query results without authentication violates principles of confidentiality and integrity mandated by these standards.

Therefore, organizations using the affected software without proper mitigation risk failing to meet compliance requirements related to data security and privacy.

Useful 0 Not Useful 0