Home / Vulnerability Intelligence / CVE-2026-33324

CVE-2026-33324 - Vulnerability Analysis

N/a

Last Updated: May 5, 2026

SQLBot - Command Injection

Published: May 5, 2026Updated: May 5, 2026PoC Available

Overview

SQLBot <= 1.7.0 contains a command injection caused by unsanitized user input concatenated into LLM prompt and executed as SQL, letting authenticated attackers execute arbitrary SQL and remote code on PostgreSQL, exploit requires authentication.

Severity & Score

Severity: N/a

Impact

Authenticated attackers can execute arbitrary SQL and remote code, potentially leading to full system compromise.

Mitigation

Upgrade to version 1.7.1 or later.

References

https://github.com/dataease/SQLBot/security/advisories/GHSA-q2q6-gqqh-4xrx

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-33324
Severity: N/a
Type: command_injection
Status: new

CWE

CWE-89

CVSS Metrics

N/A