CVE-2026-32622

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology, unsanitized storage of terminology descriptions containing dangerous payloads, and a lack of semantic fencing when injecting terminology into the LLM’s system prompt. Together, these flaws allow an attacker to hijack the LLM’s reasoning to generate malicious PostgreSQL commands (e.g., COPY … TO PROGRAM), ultimately achieving Remote Code Execution on the database or application server with postgres user privileges. The issue is fixed in v1.6.0.

More information : https://github.com/dataease/SQLBot/releases/tag/v1.6.0