PT-2026-37219 · Sqlbot · Sqlbot
Ka7Arotto · Published 2026-05-05 · Updated 2026-05-05
CVE-2026-33324
CVSS v4.0: 9.4 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
SQLBot versions prior to 1.7.1
Description
The Text2SQL chat interface is susceptible to prompt injection. The question parameter is concatenated into the Large Language Model (LLM) prompt without filtering or escaping, and the resulting SQL is executed against the database without validation or sanitization. An authenticated attacker can manipulate the LLM to generate and execute arbitrary SQL statements. If connected to a PostgreSQL data source, this can lead to remote code execution via the COPY FROM PROGRAM command.
Recommendations
Update to version 1.7.1.
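A hardening check of the kind the description calls for, as an added example that is not SQLBot's code or the advisory author's: gate the LLM-generated SQL so that only a single, comment-free read-only SELECT/WITH statement reaches the database, refusing COPY ... FROM PROGRAM and other non-query statements before execution. The function name, keyword sets and sample queries are constructed for this example; the bot's database connection should additionally run under a read-only PostgreSQL role, since a statement gate alone is not a complete control.

```python
import re

# Statement types a Text2SQL bot legitimately needs: read-only queries only.
ALLOWED_FIRST_KEYWORDS = {"SELECT", "WITH"}
# Keywords that never belong in a generated analytics query, matched as whole
# words outside string literals. COPY ... FROM PROGRAM is the path the advisory
# names. This set is defence in depth; the primary controls are the allowlist
# above and a read-only database role for the bot's connection.
DENIED_KEYWORDS = {
    "COPY", "PROGRAM", "INSERT", "UPDATE", "DELETE", "DROP", "ALTER", "CREATE",
    "TRUNCATE", "GRANT", "REVOKE", "EXECUTE", "CALL", "DO", "INTO", "SET",
    "PG_READ_FILE", "PG_READ_BINARY_FILE", "LO_IMPORT", "LO_EXPORT",
}

_TOKEN = re.compile(r"""
    '(?:[^']|'')*'                      # string literal ('' is an escaped quote)
  | "(?:[^"]|"")*"                      # double-quoted identifier
  | \$[A-Za-z_]*\$.*?\$[A-Za-z_]*\$     # PostgreSQL dollar-quoted string
  | --[^\n]*                            # line comment
  | /\*.*?\*/                           # block comment
  | [A-Za-z_][A-Za-z0-9_]*              # keyword, identifier or function name
  | ;                                   # statement separator
  | .                                   # operators, digits, whitespace
""", re.VERBOSE | re.DOTALL)


def validate_generated_sql(sql: str) -> tuple[bool, str]:
    """Return (ok, reason). Only a single, comment-free SELECT/WITH query passes."""
    sql = sql.strip().rstrip(";")  # one trailing terminator is tolerated
    words = []
    for tok in _TOKEN.findall(sql):
        if tok.startswith("--") or tok.startswith("/*"):
            return False, "comments are not allowed in generated SQL"
        if tok == ";":
            return False, "multiple statements are not allowed"
        if tok[0] in "'\"$":
            continue  # literal or quoted identifier, never a keyword
        if tok[0].isalpha() or tok[0] == "_":
            words.append(tok.upper())
    if not words:
        return False, "empty statement"
    if words[0] not in ALLOWED_FIRST_KEYWORDS:
        return False, f"statement type {words[0]} is not a read-only query"
    hit = DENIED_KEYWORDS.intersection(words)
    if hit:
        return False, "denied keyword(s): " + ", ".join(sorted(hit))
    return True, "ok"
```

Because string literals are consumed as single tokens, a legitimate query whose data happens to contain the words "copy" or "program" still passes, while the same words as bare statement keywords are refused.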
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Sqlbot