CVE-2026-32949

Exploit

EPSS 0.04%
Veröffentlicht 20.03.2026 04:08:43
Zuletzt bearbeitet 23.03.2026 17:35:16
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the /api/v1/datasource/check endpoint by configuring a forged MySQL data source with a malicious parameter extraJdbc="local_infile=1". When the SQLBot backend attempts to verify the connectivity of this data source, an attacker-controlled Rogue MySQL server issues a malicious LOAD DATA LOCAL INFILE command during the MySQL handshake. This forces the target server to read arbitrary files from its local filesystem (such as /etc/passwd or configuration files) and transmit the contents back to the attacker. This issue was fixed in version 1.7.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fit2cloud ≫ Sqlbot Version < 1.7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.114

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/dataease/SQLBot/security/advisories/GHSA-wqj3-xcxf-j9m9

Vendor Advisory

Exploit

https://github.com/dataease/SQLBot/commit/ff98514827bad99b8fa4b39385adecc6e3d44355

Patch

https://github.com/dataease/SQLBot/releases/tag/v1.7.0

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-32949

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32949

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32949

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-32949