CVE-2026-32622
HIGHSQLBot: Remote Code Execution via Terminology Poisoning
Title source: cnaDescription
SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology, unsanitized storage of terminology descriptions containing dangerous payloads, and a lack of semantic fencing when injecting terminology into the LLM's system prompt. Together, these flaws allow an attacker to hijack the LLM's reasoning to generate malicious PostgreSQL commands (e.g., COPY ... TO PROGRAM), ultimately achieving Remote Code Execution on the database or application server with postgres user privileges. The issue is fixed in v1.6.0.
References (2)
Core 2
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/dataease/SQLBot/security/advisories/GHSA-m7q7-vhw9-q7m3
X_Refsource_Misc x_refsource_misc
https://github.com/dataease/SQLBot/releases/tag/v1.6.0
Scores
CVSS v4
8.6
EPSS
0.0056
EPSS Percentile
42.1%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
CWE-74
CWE-862
CWE-20
Status
published
Products (1)
dataease/SQLBot
< 1.6.0
Published
Mar 19, 2026
Tracked Since
Mar 20, 2026