CVE-2024-5826 CRITICAL

CVE-2024-5826: Remote Code Execution via Prompt Injection in vanna-ai/vanna

Vendor Vanna-Ai
Product vanna-ai/vanna
Weakness CWE-94 · Code injection
Published June 27, 2024
Last update October 15, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the `exec` function in `src/vanna/base/base.py`. This vulnerability can be exploited by an attacker to achieve remote code execution on the app backend server, potentially gaining full control of the server.

Key dates

02Disclosure timeline

June 27, 2024 CVE published
October 15, 2025 Record updated