CVE-2026-5321
MEDIUM
5.3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
4.3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
MEDIUM
4.0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: none
Integrity: partial
Availability: none
Description
A flaw has been found in vanna-ai vanna up to version 2.0.2. It affects unknown functionality of the FastAPI/Flask Server component. Manipulation can lead to a permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CWE-346: Origin Validation Error
Draft
Common Consequences
Security Scopes Affected:
Other
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Varies By Context
Applicable Platforms
Technologies:
Not Technology-Specific, Web Based
CWE-942: Permissive Cross-domain Security Policy with Untrusted Domains
Incomplete
Common Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Access Control
Potential Impacts:
Execute Unauthorized Code Or Commands
Bypass Protection Mechanism
Read Application Data
Varies By Context
Applicable Platforms
Technologies:
Web Based, Web Server
https://github.com/August829/CVEP/issues/14
https://vuldb.com/submit/780729
https://vuldb.com/vuln/354653
https://vuldb.com/vuln/354653/cti