CVE-2026-4997

Name of the Vulnerable Software and Affected Versions Sinaptik AI PandasAI versions up to 3.0.0

Description A security flaw exists in Sinaptik AI PandasAI up to version 3.0.0. The issue resides within the is sql query safe function located in the pandasai/helpers/sql sanitizer.py file, allowing for path traversal. This issue can be exploited remotely. The exploit is publicly available. The vendor was notified but did not respond.

Recommendations Versions prior to 3.0.0 should be used. As a temporary workaround, consider restricting access to the pandasai/helpers/sql sanitizer.py file to minimize the risk of exploitation.