Ghostwire

CVE-2026-6977: A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of...

HIGH CVSS 7.3 Exploit Available 1 PoC

Published: April 25, 2026 | Last Modified: April 25, 2026

Description

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.
1 proof-of-concept exploit available on GitHub. Public exploit code lowers the barrier for both researchers and attackers.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Proof-of-Concept Exploits (1)

yidaozhongqing/York

CVE-2026-6977: A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of...

Description

Ghostwire Analysis — What This Means Practically

Proof-of-Concept Exploits (1)

Security Coverage (1 articles)

References