CVE-2026-4229

HIGH

vanna-ai vanna bigquery_vector.py remove_training_data sql injection

Title source: cna

Description

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-351152 | vanna-ai vanna bigquery_vector.py remove_training_data sql injection

https://vuldb.com/?id.351152

Signature, Permissions Required signature permissions-required

VDB-351152 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.351152

Third Party Advisory third-party-advisory

Submit #771214 | vanna-ai Vanna 2.0.2 SQL Injection (CWE-89)

https://vuldb.com/?submit.771214

Exploit exploit

https://gist.github.com/YLChen-007/b4f326eaecc29b192cf93dc5d6bc0623

Scores

CVSS v3 7.3

EPSS 0.0004

EPSS Percentile 12.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (4)

pypi/vanna 0PyPI

vanna-ai/vanna 2.0.0

vanna-ai/vanna 2.0.1

vanna-ai/vanna 2.0.2

Published Mar 16, 2026

Tracked Since Mar 16, 2026