CVE-2024-5827 CRITICAL

CVE-2024-5827: Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna

Vendor Vanna-Ai

Product vanna-ai/vanna

Weakness CWE-89 · SQLi

Published June 28, 2024

Last update October 15, 2025

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents `<?php system($_GET[0]); ?>`. This can lead to command execution or the creation of backdoors.

Key dates

02Disclosure timeline

June 28, 2024 CVE published

October 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-5827 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

Identifiers

CVE CVE-2024-5827

CWE CWE-89

CVSS 9.8 / CRITICAL

Affected versions