CVE-2026-4504

🗓️ 20 Mar 2026 20:02:11Reported by VulDBType

SQL injection in eosphoros-ai db-gpt editor API enables exploitation; incomplete fix up to 0.7.5.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-4504	20 Mar 202620:02	–	attackerkb
Circl	CVE-2026-4504	20 Mar 202619:16	–	circl
CNNVD	DB-GPT SQL注入漏洞	20 Mar 202600:00	–	cnnvd
Cvelist	CVE-2026-4504 eosphoros-ai db-gpt Incomplete Fix editor sql injection	20 Mar 202620:02	–	cvelist
EUVD	EUVD-2026-13804	20 Mar 202621:31	–	euvd
NVD	CVE-2026-4504	20 Mar 202620:16	–	nvd
Positive Technologies	PT-2026-26672	20 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-4504	26 Mar 202615:07	–	redhatcve
Vulnrichment	CVE-2026-4504 eosphoros-ai db-gpt Incomplete Fix editor sql injection	20 Mar 202620:02	–	vulnrichment

Vulners

Node

eosphoros-ai db-gptMatch0.7.0

eosphoros-ai db-gptMatch0.7.1

eosphoros-ai db-gptMatch0.7.2

eosphoros-ai db-gptMatch0.7.3

eosphoros-ai db-gptMatch0.7.4

eosphoros-ai db-gptMatch0.7.5

[
  {
    "vendor": "eosphoros-ai",
    "product": "db-gpt",
    "versions": [
      {
        "version": "0.7.0",
        "status": "affected"
      },
      {
        "version": "0.7.1",
        "status": "affected"
      },
      {
        "version": "0.7.2",
        "status": "affected"
      },
      {
        "version": "0.7.3",
        "status": "affected"
      },
      {
        "version": "0.7.4",
        "status": "affected"
      },
      {
        "version": "0.7.5",
        "status": "affected"
      }
    ],
    "modules": [
      "Incomplete Fix"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
huntr	www.huntr.com/bounties/e32fda74-ca83-431c-8de8-08274ba686c9
vuldb	www.vuldb.com/

29 Apr 2026 01:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 46.9

CVSS 3.17.3

CVSS 27.5

CVSS 37.3

EPSS0.00042

SSVC