PT-2026-28716 · Sinaptik Ai · Pandasai

Eric-B +1 · Published 2026-03-28 · Updated 2026-03-29 · CVE-2026-4998

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Sinaptik AI PandasAI versions up to 3.0.0

Description: A code injection weakness exists in the Chat Message Handler component, specifically within the CodeExecutor.execute function of the pandasai/core/code_execution/code_executor.py file. This allows for remote code execution through manipulation. The exploit is publicly available. The vendor was notified but did not respond.

Recommendations: Versions prior to 3.0.0 should be used. As a temporary workaround, consider restricting access to the CodeExecutor.execute function until a patch is available.

Weakness Enumeration: Special Elements Injection, Code Injection

Related Identifiers: CVE-2026-4998

Affected Products: Pandasai