Which versions of Google are affected by CVE-2026-4229?

A critical SQL injection vulnerability in Vanna AI's BigQuery implementation allows unauthenticated attackers to execute arbitrary database commands, potentially exposing sensitive data or disrupting…

Is there a public PoC exploit available for CVE-2026-4229?

Yes, a public proof-of-concept exploit is available for CVE-2026-4229. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-4229?

Within 24 hours: Identify all systems running Vanna library versions ≤2.0.2 and isolate them from production networks or restrict access via network controls. Within 7 days: Implement Web Application Firewall (WAF) rules to block SQL injection patterns targeting the remove_training_data function endpoint, and disable the remove_training_data feature if not operationally critical. Within 30 days: Upgrade to Vanna version 2.0.3 or later once patches are released, or migrate to alternative vector storage implementations without SQL injection exposure.

Google CVE-2026-4229

Q: What is the CVSS score of CVE-2026-4229?

CVE-2026-4229 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-12373 MEDIUM

SQL Injection (CWE-89)

2026-03-16 VulDB

GHSA-6mj8-jmp2-g8q7

Google SQLi

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

Severity Changed

Apr 22, 2026 - 21:37 NVD

HIGH MEDIUM

CVSS changed

Apr 22, 2026 - 21:37 NVD

7.3 (HIGH) 6.9 (MEDIUM)

PoC Detected

Mar 16, 2026 - 14:53 vuln.today

Public exploit code

EUVD ID Assigned

Mar 16, 2026 - 09:00 euvd

EUVD-2026-12373

Analysis Generated

Mar 16, 2026 - 09:00 vuln.today

CVE Published

Mar 16, 2026 - 08:32 nvd

HIGH 7.3

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

3 pypi packages depend on vanna (3 direct, 0 indirect)

Ecosystem-wide dependent count for version 2.0.2.

DescriptionCVE.org

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

SQL injection in Vanna AI's BigQuery integration (versions up to 2.0.2) allows unauthenticated remote attackers to manipulate the remove_training_data function through unsanitized ID parameters. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Send crafted ID parameter to remove_training_data

Exploit

Inject SQL code into query string

Execution

Execute unauthorized database commands

Impact

Extract or modify data