
8 matches found

CVE | added 2026/05/13 9:26 p.m. | 20 views

CVE-2026-42463

SQLBot (an LLM/RAG-based Text-to-SQL system) contains a Cross-Workspace IDOR and Authorization Bypass vulnerability prior to version 1.8.0 in the /api/v1/datasource/exportDsSchema and /api/v1/datasource/uploadDsSchema endpoints. An attacker could access and modify database schemas and data source...

CVSS 8.6 | AI score 5.8 | EPSS 0.00249

CVE | added 2026/03/02 6:16 a.m. | 14 views

CVE-2025-15597

Summary of CVE-2025-15597 (Dataease SQLBot): A vulnerability affects SQLBot up to version 1.4.0 in the API Endpoint component, specifically the file backend/apps/system/api/assistant.py. The issue enables manipulation that leads to improper access controls and can be exploited remotely. Public d...

CVSS 6.5 | AI score 6.1 | EPSS 0.0055

CVE | added 2026/01/21 8:05 p.m. | 12 views

CVE-2025-69285

SQLBot prior to v1.5.0 is affected by an authentication bypass in the /api/v1/datasource/uploadExcel endpoint. The endpoint is whitelisted, allowing remote unauthenticated uploads of Excel/CSV files, which are parsed and inserted into PostgreSQL via to_sql() with if_exists='replace'. This enables...

CVSS 8.7 | AI score 5.8 | EPSS 0.00394

CVE | added 2026/03/19 8:55 p.m. | 12 views

CVE-2026-32622

SQLBot (versions ≤ 1.5.x) exposes a Stored Prompt Injection vulnerability consisting of three chained flaws: (1) missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology, (2) unsanitized storage of terminology descriptions containing dangero...

CVSS 8.8 | AI score 6 | EPSS 0.00562

CVE | added 2026/03/03 9:32 a.m. | 11 views

CVE-2025-15598

CVE-2025-15598 affects Dataease SQLBot up to 1.5.1. The flaw is in JWT Token Handler’s validateEmbedded (backend/apps/system/middleware/auth.py); manipulation leads to improper cryptographic signature verification. It can be triggered remotely with high attack complexity; an exploit has been publ...

CVSS 6.3 | AI score 5.3 | EPSS 0.00184

CVE | added 2026/03/20 4:08 a.m. | 10 views

CVE-2026-32949

SQLBot is vulnerable prior to version 1.7.0 to an SSRF leading to arbitrary local-file reads. An attacker can abuse /api/v1/datasource/check by supplying a forged MySQL data source with extraJdbc="local_infile=1". During connectivity verification, a rogue MySQL server issues a malicious LOAD DATA...

CVSS 8.7 | AI score 5.9 | EPSS 0.00427 | Web

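The CVE-2026-32949 entry above turns on a forged data source whose extraJdbc string carries local_infile=1, which lets a rogue MySQL server pull files off the SQLBot host during the connectivity check. The block below is an added example, not SQLBot's own code, of the pre-check a /api/v1/datasource/check handler would want: parse extraJdbc as key=value pairs and refuse anything that is not on an explicit allowlist, with the file-loading switches rejected by name. The allowlist contents and the Connector/J-style spellings (allowLoadLocalInfile and friends) are assumptions for the example; the advisory only names local_infile=1.

```python
from urllib.parse import parse_qsl

# Example code added to this listing, not SQLBot's own. It assumes a data-source
# record carries an 'extraJdbc' string of '&'-separated key=value pairs, which is
# how the advisory for CVE-2026-32949 presents it (extraJdbc="local_infile=1").

# Keys the connection layer may legitimately need (assumed allowlist; tune per deployment).
ALLOWED_EXTRA_JDBC = {
    "usessl", "requiressl", "verifyservercertificate",
    "servertimezone", "connecttimeout", "sockettimeout", "characterencoding",
}

# Keys that let the *server* read files from the connecting host. 'local_infile'
# is the one named in the advisory; the others are the MySQL Connector/J spellings
# of the same capability and are listed here as an assumption.
FORBIDDEN_EXTRA_JDBC = {
    "local_infile", "allowloadlocalinfile", "allowloadlocalinfileinpath",
    "allowurlinlocalinfile",
}


def validate_extra_jdbc(extra: str) -> dict[str, str]:
    """Return the allowlisted key/value pairs of an extraJdbc string.

    Raises ValueError for a forbidden key, an unknown key, or a malformed pair
    (strict_parsing=True rejects 'key' without '='). parse_qsl percent-decodes
    keys, so an encoded 'local%5Finfile=1' is caught as well.
    """
    if not extra:
        return {}
    pairs = parse_qsl(extra, keep_blank_values=True, strict_parsing=True)
    clean: dict[str, str] = {}
    for key, value in pairs:
        k = key.strip().lower()          # normalise case so LOCAL_INFILE is not a bypass
        if k in FORBIDDEN_EXTRA_JDBC:
            raise ValueError(f"forbidden JDBC parameter: {key!r}")
        if k not in ALLOWED_EXTRA_JDBC:
            raise ValueError(f"unknown JDBC parameter: {key!r}")
        clean[k] = value
    return clean


def is_safe_extra_jdbc(extra: str) -> bool:
    """Boolean form of validate_extra_jdbc, for use as a guard before connecting."""
    try:
        validate_extra_jdbc(extra)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: two benign, three of the shape the advisory describes.
    for sample in (
        "useSSL=true&serverTimezone=UTC",
        "",
        "local_infile=1",
        "local%5Finfile=1",
        "allowLoadLocalInfile=true&useSSL=false",
    ):
        verdict = "accepted" if is_safe_extra_jdbc(sample) else "rejected"
        print(f"{sample!r}: {verdict}")
```

The allowlist, not the blocklist, is what carries the weight: a new driver option with a different name should fail closed rather than slip through. The driver's own switch should stay off as well (PyMySQL's connect() takes a local_infile argument that defaults to False), and a connectivity check should never follow a user-supplied host to an arbitrary internal address without the same scrutiny.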
CVE | added 2026/05/05 7:09 p.m. | 9 views

CVE-2026-33324

SQLBot’s Text-to-SQL prompt injection vulnerability affects versions 1.7.0 and earlier, where the user’s question is concatenated into the LLM prompt and the resulting SQL is executed without validation. An authenticated attacker can craft a malicious query to coerce the LLM into generating and r...

CVSS 9.4 | AI score 6.6 | EPSS 0.00603 | Web

CVE | added 2026/03/20 4:14 a.m. | 7 views

CVE-2026-32950

CVE-2026-32950 affects SQLBot prior to 1.7.0, where an authenticated user can trigger a critical SQL Injection in the /api/v1/datasource/uploadExcel endpoint. The root cause is unsanitized Excel sheet names concatenated into PostgreSQL table names and embedded into COPY statements via f-strings i...

CVSS 8.8 | AI score 6.3 | EPSS 0.00878 | Web

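The CVE-2026-32950 entry above describes a sheet name from an uploaded workbook being dropped into a table name with an f-string. The block below is an added example, not SQLBot's own code, that shows the vulnerable pattern next to a hardened one: derive the table name from an allowlist of characters, then quote it as an identifier anyway. PostgreSQL's COPY is not available in SQLite, so CREATE TABLE stands in for the statement that receives the name; the double-quote identifier rules are the same in both engines. The malicious sheet name and the customers table are constructed for the demo.

```python
import re
import sqlite3

# Example code added to this listing, not SQLBot's own. CREATE TABLE stands in
# for the COPY statement named in the advisory; identifier quoting (double-quote
# wrapping, embedded quotes doubled) works the same in PostgreSQL and SQLite.

# Constructed attacker input: a sheet name that closes the quoted identifier,
# finishes the statement, and appends its own.
MALICIOUS_SHEET = 'sales" (x INT); DROP TABLE customers; --'


def fresh_db() -> sqlite3.Connection:
    """In-memory database holding a table the upload must not be able to touch."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO customers VALUES (1, 'acme')")
    return conn


def table_exists(conn: sqlite3.Connection, name: str) -> bool:
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def create_table_vulnerable(conn: sqlite3.Connection, sheet: str) -> None:
    """The pattern the advisory describes: the sheet name goes straight into the SQL text.

    executescript() mirrors a driver that accepts several statements per call,
    which is what makes the appended DROP TABLE run.
    """
    conn.executescript(f'CREATE TABLE "{sheet}" (c1 TEXT);')


_INVALID = re.compile(r"[^A-Za-z0-9_]+")


def sheet_to_table_name(sheet: str, prefix: str = "excel_") -> str:
    """Derive a table name from a sheet name: allowlisted characters only,
    lower-cased, prefixed, and kept within PostgreSQL's 63-character limit."""
    base = _INVALID.sub("_", sheet).strip("_").lower()
    if not base:
        raise ValueError("sheet name has no usable characters")
    return (prefix + base)[:63]


def quote_ident(name: str) -> str:
    """Quote an SQL identifier: wrap in double quotes and double any embedded quote.

    A NUL byte cannot be escaped and is rejected. This is the second layer after
    sheet_to_table_name, so a future caller that skips sanitising is still safe.
    """
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def create_table_hardened(conn: sqlite3.Connection, sheet: str) -> str:
    """Sanitise, then quote; returns the table name actually created."""
    table = sheet_to_table_name(sheet)
    conn.execute(f"CREATE TABLE {quote_ident(table)} (c1 TEXT)")
    return table


if __name__ == "__main__":
    db = fresh_db()
    create_table_vulnerable(db, MALICIOUS_SHEET)
    print("vulnerable: customers survived?", table_exists(db, "customers"))

    db = fresh_db()
    created = create_table_hardened(db, MALICIOUS_SHEET)
    print("hardened: created", created, "| customers survived?", table_exists(db, "customers"))
```

With a real PostgreSQL driver the quoting step should come from the driver (psycopg's sql.Identifier) rather than a hand-written function, but the shape is the same: the sheet name never becomes SQL text, only an identifier the engine is told to treat as data.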