Description
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user (even the lowest-privileged) to fully compromise the backend server. The root cause is twofold: Excel Sheet names are concatenated directly into PostgreSQL table names without sanitization (datasource.py#L351), and those table names are embedded into COPY SQL statements via f-strings instead of parameterized queries (datasource.py#L385-L388). An attacker can bypass the 31-character Sheet name limit using a two-stage technique—first uploading a normal file whose data rows contain shell commands, then uploading an XML-tampered file whose Sheet name injects a TO PROGRAM 'sh' clause into the SQL. Confirmed impacts include arbitrary command execution as the postgres user (uid=999), sensitive file exfiltration (e.g., /etc/passwd, /etc/shadow), and complete PostgreSQL database takeover. This issue has been fixed in version 1.7.0.
Published: 2026-03-20
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

SQLBot's /api/v1/datasource/uploadExcel endpoint contains an SQL injection flaw that leads to remote code execution. Excel sheet names are concatenated, unsanitized, into PostgreSQL table names, and those names are then interpolated into COPY statements with f-strings. PostgreSQL cannot bind identifiers as query parameters, so the correct fix is allow-listing or identifier quoting rather than parameterization. A crafted sheet name can inject a TO PROGRAM 'sh' clause; COPY ... TO PROGRAM hands the table's rows to the named program on its standard input, so arbitrary commands run as the database server's OS user (postgres, uid 999 in the reported environment). That step requires the application's database role to be a superuser or a member of pg_execute_server_program, which it evidently was. The advisory reports exfiltration of sensitive files such as /etc/passwd and /etc/shadow and full control of the PostgreSQL instance. The weakness is classified as CWE-78 (OS command injection) and CWE-89 (SQL injection).
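The statement-building pattern described above and one way to harden it, as an added example that is not SQLBot's own code: the vulnerable builder's statement shape, the excel_ prefix and the names build_copy_vulnerable, build_copy_hardened, safe_table_name and injects_to_program are assumptions for illustration, and EVIL_SHEET and COLUMNS are constructed inputs. The hardened form does not try to parameterize the table name (PostgreSQL cannot bind identifiers); it derives the name from the sheet name through an allow-list plus a hash and quotes it as an identifier. A small scanner then shows that TO PROGRAM is parsed as syntax in the first form and is merely part of a quoted name in the second.

```python
import hashlib
import re

# Constructed sample input (not from the advisory): a sheet name carrying the clause
# the advisory says is injected, and two ordinary column headers.
EVIL_SHEET = "t TO PROGRAM 'sh' --"
COLUMNS = ["id", "cmd"]


def build_copy_vulnerable(sheet_name, columns):
    """The vulnerable pattern: sheet name concatenated into the table name, table name
    dropped into COPY with an f-string. Hypothetical shape, not SQLBot's own statement."""
    table = "excel_" + sheet_name
    cols = ", ".join(columns)
    return f"COPY {table} ({cols}) FROM STDIN WITH (FORMAT csv)"


_IDENT_RE = re.compile(r"^[a-z_][a-z0-9_]{0,62}$")


def quote_ident(name):
    """PostgreSQL identifier quoting, the same rule psycopg's sql.Identifier applies:
    wrap in double quotes and double any embedded double quote. Inside the quotes,
    spaces and words such as TO PROGRAM are part of the name, not syntax."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    if len(name.encode("utf-8")) > 63:
        # PostgreSQL silently truncates identifiers to NAMEDATALEN-1 (63) bytes,
        # so two different long names would end up naming the same table.
        raise ValueError("identifier longer than 63 bytes")
    return '"' + name.replace('"', '""') + '"'


def safe_table_name(sheet_name, index):
    """Derive the table name without trusting the sheet name's characters: a short
    allow-listed ASCII fragment for readability plus a hash of the full name so that
    sheets differing only in stripped characters never collide."""
    fragment = re.sub(r"[^A-Za-z0-9_]", "_", sheet_name)[:20].lower()
    digest = hashlib.sha256(sheet_name.encode("utf-8")).hexdigest()[:12]
    name = f"excel_{index}_{fragment}_{digest}"
    assert _IDENT_RE.match(name)  # holds by construction: lowercase alnum/underscore, under 63 chars
    return name


def build_copy_hardened(sheet_name, index, columns):
    """Derived, allow-listed table name plus identifier quoting for it and for the
    column headers (which also come from the uploaded file)."""
    table = safe_table_name(sheet_name, index)
    cols = ", ".join(quote_ident(c) for c in columns)
    return f"COPY {quote_ident(table)} ({cols}) FROM STDIN WITH (FORMAT csv)"


def unquoted_words(stmt):
    """Words that sit outside double-quoted identifiers and single-quoted literals,
    i.e. the parts PostgreSQL's parser treats as keywords or bare names."""
    words, i, n = [], 0, len(stmt)
    while i < n:
        ch = stmt[i]
        if ch in ('"', "'"):
            i += 1
            while i < n:
                if stmt[i] == ch:
                    if i + 1 < n and stmt[i + 1] == ch:  # doubled quote: still inside
                        i += 2
                        continue
                    break
                i += 1
            i += 1  # step past the closing quote
        elif ch.isalpha() or ch == "_":
            j = i
            while j < n and (stmt[j].isalnum() or stmt[j] == "_"):
                j += 1
            words.append(stmt[i:j].upper())
            i = j
        else:
            i += 1
    return words


def injects_to_program(stmt):
    """True when TO PROGRAM would be parsed as syntax rather than as part of a name."""
    w = unquoted_words(stmt)
    return any(w[k] == "TO" and w[k + 1] == "PROGRAM" for k in range(len(w) - 1))


if __name__ == "__main__":
    print(build_copy_vulnerable(EVIL_SHEET, COLUMNS))   # TO PROGRAM 'sh' has become SQL syntax
    print(build_copy_hardened(EVIL_SHEET, 0, COLUMNS))  # the clause is inert inside the quoted name
```

The hash suffix matters because stripping characters maps many sheet names onto one fragment; without it, a second upload could silently target a table created by an earlier one. Quoting the column headers is the same defence applied to the other attacker-controlled identifiers in the file.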

Affected Systems

SQLBot releases before 1.7.0 are vulnerable. The project is developed by the dataease organization (NVD's CPE records the vendor as fit2cloud). Every deployment that accepts Excel uploads through the uploadExcel endpoint is affected, since the payload travels in the uploaded workbook itself. Because exploitation needs only a valid low-privileged account, the question is not just whether the endpoint is reachable from the internet but who can obtain an account that can reach it. Verify the running version before relying on either answer.

Risk and Exploitability

The CVSS 4.0 base score is 8.6 (High); NVD's CVSS 3.1 score is 8.8. EPSS is below 1%, i.e. a low predicted probability of in-the-wild exploitation, and the issue is not in the CISA KEV catalog, but the SSVC record notes that proof-of-concept exploit code exists. Exploitation requires authentication, yet any account that can reach the upload endpoint suffices, including the lowest-privileged. The two-stage technique works around the 31-character sheet-name limit: the first upload is a normal workbook whose data rows hold the shell commands, so the sheet name only has to carry the short injection clause; the second upload has its sheet name edited at the XML level rather than through Excel's UI and injects TO PROGRAM 'sh'. COPY ... TO PROGRAM feeds table rows to the program's standard input, which is why the commands can be staged in the data rows of the first file.

Generated by OpenCVE AI on March 23, 2026 at 19:25 UTC.
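A server-side check on sheet names to run before any table is created, as an added example and not part of SQLBot: it reads the names straight from xl/workbook.xml (the part a hand-edited workbook changes) rather than trusting whatever the spreadsheet library reports, re-applies the 31-character limit and Excel's own forbidden characters, and adds a stricter allow-list of this example's own choosing. The make_xlsx fixture and SAMPLE_NAMES are constructed test inputs, and check_upload is a hypothetical hook, not an SQLBot function.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

SML_NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"

# Excel's UI caps sheet names at 31 characters and refuses these characters, but a
# workbook.xml edited by hand is bound by neither, so the server re-checks both.
EXCEL_SHEET_NAME_MAX = 31
EXCEL_FORBIDDEN = set("\\/?*[]:")
# Server-side allow-list (this example's own choice, stricter than Excel): letters,
# digits, underscore, space and hyphen, so quotes and SQL punctuation never reach
# the database layer at all.
SAFE_SHEET_RE = re.compile(r"^[A-Za-z0-9_ \-]{1,31}$")


def sheet_names(xlsx_bytes):
    """Read sheet names directly from xl/workbook.xml inside the .xlsx zip container."""
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        root = ET.fromstring(zf.read("xl/workbook.xml"))
    return [s.get("name", "") for s in root.iter(f"{{{SML_NS}}}sheet")]


def validate_sheet_names(names):
    """Return (name, reason) pairs for every sheet name the server should refuse."""
    problems = []
    for n in names:
        if len(n) > EXCEL_SHEET_NAME_MAX:
            problems.append((n, "longer than 31 characters"))
        elif any(c in EXCEL_FORBIDDEN for c in n):
            problems.append((n, "contains a character Excel itself forbids"))
        elif not SAFE_SHEET_RE.match(n):
            problems.append((n, "outside the server allow-list"))
    return problems


def check_upload(xlsx_bytes):
    """Accept/reject decision for an uploaded workbook (hypothetical hook):
    returns (ok, problems); call it before any table name is derived."""
    problems = validate_sheet_names(sheet_names(xlsx_bytes))
    return (len(problems) == 0, problems)


def make_xlsx(names):
    """Constructed test fixture: a minimal zip with only the workbook part populated,
    which is all sheet_names() needs (a real .xlsx carries more parts)."""
    sheets = "".join(
        f'<sheet name={quoteattr(n)} sheetId="{i + 1}" r:id="rId{i + 1}"/>'
        for i, n in enumerate(names)
    )
    workbook = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<workbook xmlns="{SML_NS}" xmlns:r="{REL_NS}">'
        f"<sheets>{sheets}</sheets></workbook>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/workbook.xml", workbook)
    return buf.getvalue()


# Constructed samples: a normal sheet, one carrying the clause named in the advisory
# (20 characters, so a length check alone would pass it), and one that only a
# hand-edited workbook.xml could produce.
SAMPLE_NAMES = ["Sales 2024", "t TO PROGRAM 'sh' --", "x" * 40]

if __name__ == "__main__":
    ok, problems = check_upload(make_xlsx(SAMPLE_NAMES))
    print("accepted" if ok else "rejected", problems)
```

The length check on its own is not enough, as the second sample shows: the injection clause fits comfortably inside 31 characters once the commands themselves are staged elsewhere. Rejecting on the allow-list is what keeps the quotes and keywords out of the database layer, and it is independent of whatever identifier quoting the SQL builder applies.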

Remediation

Fixed in SQLBot 1.7.0; the CVE record states the issue is resolved in that release. The vendor publishes no separate workaround, so the mitigations below are OpenCVE's recommendations rather than vendor guidance.

OpenCVE Recommended Actions

  • Upgrade SQLBot to version 1.7.0 or later, which removes the vulnerable code
  • If an upgrade is not immediately possible, restrict access to the /api/v1/datasource/uploadExcel endpoint to authorized administrators only
  • Disable the Excel upload functionality entirely if the feature is not required
  • Run SQLBot's PostgreSQL role without superuser rights and without membership in pg_execute_server_program, the privilege COPY ... TO PROGRAM requires; this blocks the command-execution step but not the SQL injection itself, so it is defence in depth, not a substitute for upgrading
  • Check for prior exploitation: list tables in the application's schema whose names contain spaces, quotes or SQL keywords (they are created from sheet names), and, where log_statement = 'all' is in effect, search the PostgreSQL logs for COPY statements containing TO PROGRAM


Advisories

No advisories yet.

History

Tue, 24 Mar 2026 02:30:00 +0000

Metrics (values added): ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 18:15:00 +0000

First Time appeared (values added): Fit2cloud; Fit2cloud sqlbot
CPEs (values added): cpe:2.3:a:fit2cloud:sqlbot:*:*:*:*:*:*:*:*
Vendors & Products (values added): Fit2cloud; Fit2cloud sqlbot
Metrics (values added): cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 20 Mar 2026 09:00:00 +0000

First Time appeared (values added): Dataease; Dataease sqlbot
Vendors & Products (values added): Dataease; Dataease sqlbot

Fri, 20 Mar 2026 04:45:00 +0000

Description (values added): SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user (even the lowest-privileged) to fully compromise the backend server. The root cause is twofold: Excel Sheet names are concatenated directly into PostgreSQL table names without sanitization (datasource.py#L351), and those table names are embedded into COPY SQL statements via f-strings instead of parameterized queries (datasource.py#L385-L388). An attacker can bypass the 31-character Sheet name limit using a two-stage technique—first uploading a normal file whose data rows contain shell commands, then uploading an XML-tampered file whose Sheet name injects a TO PROGRAM 'sh' clause into the SQL. Confirmed impacts include arbitrary command execution as the postgres user (uid=999), sensitive file exfiltration (e.g., /etc/passwd, /etc/shadow), and complete PostgreSQL database takeover. This issue has been fixed in version 1.7.0.
Title (values added): SQLBot: RCE via SQL Injection in Excel Upload Endpoint
Weaknesses (values added): CWE-78; CWE-89
References (values added):
Metrics (values added): cvssV4_0 {'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-24T01:49:10.552Z

Reserved: 2026-03-17T00:05:53.284Z

Link: CVE-2026-32950

Vulnrichment

Updated: 2026-03-24T01:49:06.314Z

NVD

Status : Analyzed

Published: 2026-03-20T05:16:14.553

Modified: 2026-03-23T18:04:30.893

Link: CVE-2026-32950

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:09:20Z

Weaknesses