Is there a public PoC exploit available for CVE-2026-5320?

Yes, a public proof-of-concept exploit is available for CVE-2026-5320. Prioritise patching immediately. EPSS: 0.1%.

CVE-2026-5320

Q: What is the CVSS score of CVE-2026-5320?

CVE-2026-5320 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-18120 MEDIUM

Missing Authentication for Critical Function (CWE-306)

2026-04-02 VulDB

GHSA-j638-g9qc-36f4

Authentication Bypass

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 03, 2026 - 16:10 vuln.today

Public exploit code

EUVD ID Assigned

Apr 02, 2026 - 04:30 euvd

EUVD-2026-18120

Analysis Generated

Apr 02, 2026 - 04:30 vuln.today

CVE Published

Apr 02, 2026 - 03:45 nvd

MEDIUM 6.9

DescriptionNVD

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Missing authentication in vanna-ai vanna Chat API endpoint (/api/vanna/v2/) allows unauthenticated remote attackers to perform unauthorized operations with low-complexity attacks. Affects vanna-ai vanna versions up to 2.0.2. …

RemediationAI

Within 24 hours: audit network access logs to vanna-ai API endpoints (/api/vanna/v2/) for unauthorized requests; isolate affected vanna-ai instances from untrusted networks if running versions ≤2.0.2. Within 7 days: implement network-level authentication controls (API gateway, WAF rules requiring authentication headers) as interim protection; contact vanna-ai vendor for patch timeline and status. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-5320 vulnerability details – vuln.today

Back

CVE-2026-5320

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

CVE-2026-5320

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code