Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.6 views

CVE-2026-32622

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...

8.8CVSS6AI score0.00562EPSS
Exploits1References1
NVD
NVD
added 2026/03/19 9:17 p.m.8 views

CVE-2026-32622

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...

8.8CVSS0.00562EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/19 8:55 p.m.21 views

CVE-2026-32622 SQLBot: Remote Code Execution via Terminology Poisoning

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...

8.6CVSS0.00562EPSS
Exploits1References2
CVE
CVE
added 2026/03/19 8:55 p.m.16 views

CVE-2026-32622

SQLBot (versions ≤ 1.5.x) exposes a Stored Prompt Injection vulnerability consisting of three chained flaws: (1) missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology, (2) unsanitized storage of terminology descriptions containing dangero...

8.8CVSS6AI score0.00562EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 8:55 p.m.6 views

CVE-2026-32622 SQLBot: Remote Code Execution via Terminology Poisoning

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...

8.6CVSS6AI score0.00562EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.6 views

PT-2026-26367

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...

8.6CVSS6AI score0.00562EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/07/22 12:0 a.m.4 views

Chaindesk 跨站脚本漏洞

Chaindesk is an AI chatbot for building and deploying private data-based chatbots from Chaindesk, France. A cross-site scripting vulnerability exists in Chaindesk version 2025-05-26 and earlier, which stems from a system prompt in the AI agent that can embed a malicious script payload, leading to...

6.5CVSS5.8AI score0.00435EPSS
Exploits1References3
Rows per page
Query Builder