CVE-2026-6977: Vanna-AI Legacy Flask API Improper Authorization

/HIGH /CVSS 7.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitycwe-266cwe-285
CVE-2026-6977: Vanna-AI Legacy Flask API Improper Authorization

The National Vulnerability Database has disclosed CVE-2026-6977, a high-severity improper authorization vulnerability affecting vanna-ai vanna up to version 2.0.2. This flaw, with a CVSS score of 7.3, resides within an unspecified function of the Legacy Flask API component, allowing remote attackers to exploit it without authentication. The public disclosure of this exploit means active exploitation is a significant risk.

This vulnerability stems from CWE-266 (Improper Authorization) and CWE-285 (Improper Authorization on Check Privilege), indicating a fundamental flaw in how the application manages access controls. The attacker’s calculus here is straightforward: no authentication required, remote access, and a publicly available exploit. This significantly lowers the barrier to entry for opportunistic attackers looking to gain unauthorized access or control over affected instances.

Defenders need to act fast. The vendor was reportedly unresponsive to early disclosure attempts, which is a red flag. Organizations utilizing vanna-ai vanna should immediately assess their deployments for the presence of the Legacy Flask API and determine if they are running affected versions. Given the remote exploitability and public disclosure, assume compromise is possible if unpatched.

What This Means For You

  • If your organization uses vanna-ai vanna, specifically versions up to 2.0.2, immediately identify if the Legacy Flask API component is in use. Prioritize patching or implementing compensating controls to restrict access to this API, as remote, unauthenticated exploitation is possible with a publicly available exploit. Audit logs for any suspicious activity related to this component.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1200 Hardware Additions Privilege Escalation

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1190 Initial Access

CVE-2026-6977: Vanna-AI Legacy Flask API Unauthorized Access Attempt

Sigma YAML — free preview 
title: CVE-2026-6977: Vanna-AI Legacy Flask API Unauthorized Access Attempt
id: scw-2026-04-25-ai-1
status: experimental
level: high
description: |
  Detects attempts to access the legacy Flask API endpoint of Vanna-AI (versions up to 2.0.2) via POST requests, which is indicative of exploitation for CVE-2026-6977. This rule targets the specific API path that is vulnerable to improper authorization.
author: SCW Feed Engine (AI-generated)
date: 2026-04-25
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-6977/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/api/v1/legacy'
      cs-method|exact:
          - 'POST'
      sc-status|exact:
          - '200'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-6977 Auth Bypass vanna-ai vanna up to 2.0.2
CVE-2026-6977 Auth Bypass Legacy Flask API component
CVE-2026-6977 Improper Authorization unknown function in Legacy Flask API

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 25, 2026 at 14:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-6979 — Devlikeapro WAHA Server-Side Request Forgery

CVE-2026-6979 — A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component...

vulnerabilityCVEmedium-severityserver-side-request-forgerycwe-918
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 2 IOCs /⚙ 3 Sigma

CVE-2026-6978 — JiZhiCMS SQL Injection

CVE-2026-6978 — A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialchars_decode of the file /index.php/admins/Sys/addcache.html. The manipulation of...

vulnerabilityCVEmedium-severitysql-injectioncwe-74cwe-89
/SCW Vulnerability Desk /MEDIUM /4.7 /⚑ 3 IOCs /⚙ 3 Sigma

simple-git RCE: Incomplete Fix Leaves Critical Vulnerability Open

CVE-2026-6951 — Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221) that blocks...

vulnerabilityCVEcriticalhigh-severityremote-code-executioncwe-94
/SCW Vulnerability Desk /CRITICAL /9.8 /⚑ 4 IOCs /⚙ 3 Sigma