{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4229", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-15T18:45:03.703Z", "datePublished": "2026-03-16T08:32:07.744Z", "dateUpdated": "2026-03-16T16:35:33.466Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-16T08:32:07.744Z"}, "title": "vanna-ai vanna bigquery_vector.py remove_training_data sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "vanna-ai", "product": "vanna", "versions": [{"version": "2.0.0", "status": "affected"}, {"version": "2.0.1", "status": "affected"}, {"version": "2.0.2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-15T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-15T19:50:15.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-y (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/?id.351152", "name": "VDB-351152 | vanna-ai vanna bigquery_vector.py remove_training_data sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.351152", "name": "VDB-351152 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.771214", "name": "Submit #771214 | vanna-ai Vanna 2.0.2 SQL Injection (CWE-89)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/b4f326eaecc29b192cf93dc5d6bc0623", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T16:34:32.418977Z", "id": "CVE-2026-4229", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T16:35:33.466Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4229", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T16:34:32.418977Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T16:35:27.891Z"}}], "cna": {"title": "vanna-ai vanna bigquery_vector.py remove_training_data sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "Eric-y (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "vanna-ai", "product": "vanna", "versions": [{"status": "affected", "version": "2.0.0"}, {"status": "affected", "version": "2.0.1"}, {"status": "affected", "version": "2.0.2"}]}], "timeline": [{"lang": "en", "time": "2026-03-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-15T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-15T19:50:15.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.351152", "name": "VDB-351152 | vanna-ai vanna bigquery_vector.py remove_training_data sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.351152", "name": "VDB-351152 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.771214", "name": "Submit #771214 | vanna-ai Vanna 2.0.2 SQL Injection (CWE-89)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/b4f326eaecc29b192cf93dc5d6bc0623", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-16T08:32:07.744Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4229", "state": "PUBLISHED", "dateUpdated": "2026-03-16T16:35:33.466Z", "dateReserved": "2026-03-15T18:45:03.703Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-16T08:32:07.744Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en vanna-ai vanna hasta la versi\u00f3n 2.0.2. Esto afecta a la funci\u00f3n remove_training_data del archivo src/vanna/legacy/google/bigquery_vector.py. Esta manipulaci\u00f3n del argumento ID causa inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido publicado y puede ser utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2026-4229", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-16T14:20:16.277", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/YLChen-007/b4f326eaecc29b192cf93dc5d6bc0623"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.351152"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.351152"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.771214"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.0.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.0.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "vanna", "source": "cna", "vendor": "vanna-ai"}, "product": "vanna", "vendor": "vanna-ai"}], "analysis": {"en": {"generated_at": "2026-03-17T12:07:32.316976+00:00", "value": {"mitigation_remediation": ["Upgrade vanna to any version newer than 2.0.2 to remove the injection flaw", "If upgrade is not immediately possible, restrict external access to the remove_training_data API endpoint and monitor for anomalous activity", "Implement input validation or sanitization on the ID parameter to prevent malicious payloads"], "summary": {"action": "Patch Immediately", "impact": "SQL Injection (remote)"}, "threat_synthesis": {"affected_systems": "vanna\u2011ai vanna, all released versions including 1.x and 2.0.2, are affected. No specific sub\u2011version details beyond 2.0.2 are provided.", "description_and_impact": "A flaw in vanna\u2011ai vanna versions up to 2.0.2 allows an attacker to manipulate the ID argument in the remove_training_data function of src/vanna/legacy/google/bigquery_vector.py, resulting in SQL injection. This vulnerability permits execution of arbitrary SQL statements, potentially compromising data confidentiality and integrity. The associated weaknesses are listed as CWE\u201174 and CWE\u201189.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a Medium severity level. The EPSS score is reported as less than 1\u202f%, suggesting a low current exploitation probability. The vulnerability is not recorded in the CISA KEV catalog. Exploitation can be performed remotely through the API that accepts an external ID parameter, and published exploits are available."}}}}, "created": "2026-03-17T09:53:00.315145+00:00", "updated": "2026-03-24T10:45:21.570827+00:00", "vendors": ["vanna-ai", "vanna-ai$PRODUCT$vanna"]}