vanna-ai — CVE-2026-6977 Improper Authorization in Legacy Flask API
AI relevance: vanna-ai is an open-source AI-powered SQL-to-visualization tool used by data teams; improper authorization in its API layer allows remote attackers to bypass access controls on AI-generated data queries and visualizations.
- Product: vanna-ai (open-source AI data analysis and visualization tool)
- CVE: CVE-2026-6977 (CVSS 7.3)
- Component: Legacy Flask API — unspecified function
- Vulnerability: Improper authorization (CWE-863)
- Attack vector: Network, no authentication required
- Affected versions: up to 2.0.2
- Vendor response: No public response; exploit is publicly disclosed
Why it matters
This is a second distinct CVE for vanna-ai in 2026 — following CVE-2026-5320 (missing authentication in the Chat API) published earlier in April. The legacy Flask API component lacks proper authorization checks, allowing unauthenticated remote attackers to perform unauthorized actions against the tool's data analysis endpoints.
Unlike the earlier Chat API vulnerability, CVE-2026-6977 targets a different surface: the Legacy Flask API. Organizations running vanna-ai against production databases may have AI-generated queries, table schemas, and visualization data exposed to unauthorized access. With public exploit availability, unpatched instances are at immediate risk.
What to do
- Audit your deployment: Check if any vanna-ai instances are running versions ≤ 2.0.2, particularly the Legacy Flask API component
- Network isolate: Restrict access to vanna-ai API endpoints to trusted networks only until a patch is available
- Disable Legacy API: If the legacy Flask API is not needed, disable it in your deployment configuration
- Monitor access logs: Look for unauthorized API calls to vanna-ai endpoints, especially from external IPs
- Review vendor advisories: vanna-ai has not yet issued a public response — track their GitHub repository for patches