CVE-2026-4229: Vanna has a SQL injection in the remove_training_data function

March 16, 2026 (updated March 17, 2026)

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

gist.github.com/YLChen-007/b4f326eaecc29b192cf93dc5d6bc0623
github.com/advisories/GHSA-6mj8-jmp2-g8q7
github.com/vanna-ai/vanna
nvd.nist.gov/vuln/detail/CVE-2026-4229
vuldb.com/?ctiid.351152
vuldb.com/?id.351152
vuldb.com/?submit.771214

Code Behaviors & Features

Detect and mitigate CVE-2026-4229 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →