CVE-2026-42463
- EPSS 0.03%
- Published 13.05.2026 21:26:27
- Last modified 15.05.2026 17:34:17
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR (Insecure Direct Object Reference) and Authorization Bypass vulnerability in the /api/v1/datasource/exportDsSch...
CVE-2026-33324
- EPSS 0.32%
- Published 05.05.2026 20:16:36
- Last modified 08.05.2026 19:22:59
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the L...
CVE-2026-5417
- EPSS 0.05%
- Published 02.04.2026 18:15:11
- Last modified 29.04.2026 01:00:01
A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. This manipulation of the argument address causes serve...
CVE-2026-32950
- EPSS 0.21%
- Published 20.03.2026 04:14:45
- Last modified 23.03.2026 18:04:30
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowi...
CVE-2026-32949
- EPSS 0.06%
- Published 20.03.2026 04:08:43
- Last modified 23.03.2026 17:35:16
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the...
CVE-2026-32622
- EPSS 0.39%
- Published 19.03.2026 20:55:51
- Last modified 23.03.2026 17:34:55
SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any auth...
CVE-2025-15598
- EPSS 0.02%
- Published 03.03.2026 09:32:06
- Last modified 29.04.2026 01:00:01
A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of ...
CVE-2025-15597
- EPSS 0.07%
- Published 02.03.2026 06:16:35
- Last modified 29.04.2026 01:00:01
A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to lau...