Which versions of Vanna are affected by CVE-2026-5320?

CVE-2026-5320 is a critical authentication bypass in vanna-ai Chat API (versions up to 2.0.2) that allows unauthenticated attackers to perform arbitrary operations remotely.

Is there a public PoC exploit available for CVE-2026-5320?

Yes, a public proof-of-concept exploit is available for CVE-2026-5320. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-5320?

Within 24 hours: audit network access logs to vanna-ai API endpoints (/api/vanna/v2/) for unauthorized requests; isolate affected vanna-ai instances from untrusted networks if running versions ≤2.0.2. Within 7 days: implement network-level authentication controls (API gateway, WAF rules requiring authentication headers) as interim protection; contact vanna-ai vendor for patch timeline and status. Within 30 days: upgrade to patched version immediately upon vendor release; if no patch released, evaluate alternative solutions or persistent network segmentation.

Vanna CVE-2026-5320

Q: What is the CVSS score of CVE-2026-5320?

CVE-2026-5320 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-18120 MEDIUM

Missing Authentication for Critical Function (CWE-306)

2026-04-02 VulDB

GHSA-j638-g9qc-36f4

Authentication Bypass Vanna

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 03, 2026 - 16:10 vuln.today

Public exploit code

EUVD ID Assigned

Apr 02, 2026 - 04:30 euvd

EUVD-2026-18120

Analysis Generated

Apr 02, 2026 - 04:30 vuln.today

CVE Published

Apr 02, 2026 - 03:45 nvd

MEDIUM 6.9

DescriptionCVE.org

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Missing authentication in vanna-ai vanna Chat API endpoint (/api/vanna/v2/) allows unauthenticated remote attackers to perform unauthorized operations with low-complexity attacks. Affects vanna-ai vanna versions up to 2.0.2. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	Real-world risk is elevated due to converging threat signals. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An unauthenticated remote attacker identifies an internet-facing vanna-ai deployment through reconnaissance scanning for the /api/vanna/v2/ endpoint. Using the publicly available GitHub POC code (August829/CVEP/issues/13), the attacker crafts API requests to the Chat endpoint without providing credentials. …
Remediation	No vendor-released patch identified at time of analysis, as the maintainer did not respond to responsible disclosure attempts. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: audit network access logs to vanna-ai API endpoints (/api/vanna/v2/) for unauthorized requests; isolate affected vanna-ai instances from untrusted networks if running versions ≤2.0.2. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5320 vulnerability details – vuln.today

Back