CVE-2026-42463
- EPSS 0.25%
- Published 13.05.2026 21:26:27
- Last modified 15.05.2026 17:34:17
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR (Insecure Direct Object Reference) and Authorization Bypass vulnerability in the /api/v1/datasource/exportDsSch...
CVE-2026-33324
- EPSS 0.6%
- Published 05.05.2026 20:16:36
- Last modified 08.05.2026 19:22:59
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the L...
CVE-2026-32950
- EPSS 0.88%
- Published 20.03.2026 04:14:45
- Last modified 23.03.2026 18:04:30
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowi...
CVE-2026-32949
- EPSS 0.43%
- Published 20.03.2026 04:08:43
- Last modified 23.03.2026 17:35:16
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the...
CVE-2026-32622
- EPSS 0.56%
- Published 19.03.2026 20:55:51
- Last modified 23.03.2026 17:34:55
SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any auth...
CVE-2025-15598
- EPSS 0.18%
- Published 03.03.2026 09:32:06
- Last modified 29.04.2026 01:00:01
A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of ...
CVE-2025-15597
- EPSS 0.55%
- Published 02.03.2026 06:16:35
- Last modified 29.04.2026 01:00:01
A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to lau...
CVE-2025-69285
- EPSS 0.39%
- Published 21.01.2026 20:05:22
- Last modified 02.02.2026 13:57:50
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to u...