CVE-2024-5826

moderate-risk
Published 2024-06-27

In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the `exec` function in `src/vanna/base/base.py`. This vulnerability can be exploited by an attacker to achieve remote code execution on the app backend server, potentially gaining full control of the server.

Do I need to act?

~
7.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

References (2)

https://huntr.com/bounties/90620087-44ac-4e43-b659-3c5d30889369
https://huntr.com/bounties/90620087-44ac-4e43-b659-3c5d30889369
47
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 10/34 · Low
Exposure 5/34 · Minimal