PT-2026-35147 · Pypi · Vanna
York Shen · Published 2026-04-25 · Updated 2026-04-25 · CVE-2026-6977
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
vanna-ai vanna versions prior to 2.0.3
Description
An improper authorization issue exists within the Legacy Flask API component. This flaw allows a remote attacker to bypass authorization mechanisms through the manipulation of an unknown function.
Recommendations
Update to a version later than 2.0.2.
As a temporary workaround, restrict access to the Legacy Flask API component to minimize the risk of exploitation.
Exploit
Fix
Incorrect Privilege Assignment
Improper Authorization
Affected Products
Vanna