Description
A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function is_sql_query_safe of the file pandasai/helpers/sql_sanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-28
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Path Traversal
Action: Apply Patch
AI Analysis

Impact

An insecure implementation of the is_sql_query_safe function in PandasAI's sql_sanitizer module permits malicious manipulation of the query string to cause the application to resolve file paths outside the intended directory, enabling path traversal. This flaw is classified as CWE-22 and can lead to unauthorized read or write access to files on the host system, potentially compromising confidentiality, integrity, or availability of application data. The vulnerability is exploitable through remote input, as the function may process untrusted query strings supplied from outside the application.

Affected Systems

The flaw exists in all releases of Sinaptik AI PandasAI up to and including version 3.0.0. Any installation that imports pandasai.helpers.sql_sanitizer and invokes is_sql_query_safe without additional safeguards is affected.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, but the availability of a public exploit and the remote trigger raise the likelihood of real-world attacks. An attacker who can supply crafted query strings to the vulnerable function may execute path traversal attacks to read or modify files on the host system. The absence of an official vendor patch in the CVE data means the risk remains until a fix or workaround is applied.

Generated by OpenCVE AI on March 28, 2026 at 14:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the installed PandasAI version and determine whether it is 3.0.0 or earlier; if so, seek an official vendor update or contact Sinaptik AI for guidance on a fix.
  • If an update cannot be applied immediately, implement server-side validation that rejects query strings containing path traversal patterns (e.g., "..", directory separators) before they reach is_sql_query_safe.
  • Monitor application logs for unexpected file access or path resolution errors, and watch for repeated failure patterns that may indicate exploitation attempts.
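The pre-check from the second action and the log review from the third, as an added Python example that is not OpenCVE's or PandasAI's own code. It does not import pandasai: the wrapper takes the library's is_sql_query_safe as a callable (assumed to accept the query string and return a bool), the source identifier is whatever your application knows about the caller, and the log lines are constructed.

```python
import logging
import re
from collections import Counter
from typing import Callable, Dict, Iterable
from urllib.parse import unquote

log = logging.getLogger("sql_pre_check")

# Patterns named in the recommendation above: ".." and directory separators
# ("/" and "\"). The check also runs on the percent-decoded string so that
# encodings such as %2e%2e%2f do not slip past a literal match.
_TRAVERSAL = re.compile(r"\.\.|[\\/]")


def has_traversal_pattern(query: str) -> bool:
    """True if the raw or percent-decoded query contains a traversal pattern."""
    return bool(_TRAVERSAL.search(query) or _TRAVERSAL.search(unquote(query)))


def guarded_is_sql_query_safe(query: str,
                              inner_check: Callable[[str], bool],
                              source: str = "unknown") -> bool:
    """Reject traversal patterns first, then delegate to the library check.

    inner_check stands in for pandasai's is_sql_query_safe (assumed here to be
    a callable taking the query string and returning a bool); source identifies
    the caller (client IP, user id) so rejections can be reviewed later.
    """
    if has_traversal_pattern(query):
        log.warning("rejected query from %s: traversal pattern", source)
        return False
    return inner_check(query)


def repeated_rejections(log_lines: Iterable[str], threshold: int = 3) -> Dict[str, int]:
    """Return sources whose 'rejected query' log entries reach the threshold."""
    hits: Counter = Counter()
    for line in log_lines:
        m = re.search(r"rejected query from (\S+): traversal pattern", line)
        if m:
            hits[m.group(1)] += 1
    return {src: n for src, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    # Constructed inputs: a benign query, a traversal pattern, and its encoded form.
    always_ok = lambda q: True  # stand-in for the library check
    for q in ("SELECT name FROM users WHERE id = 1",
              "SELECT '../../config.yml'",
              "SELECT '%2e%2e%2fconfig.yml'"):
        print(repr(q), "->", guarded_is_sql_query_safe(q, always_ok, source="10.0.0.5"))
```

Rejecting "/" also rejects legitimate SQL division and slash-separated date literals, so tune the pattern to the queries your schema actually needs before deploying the check.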


Advisories

No advisories yet.

History

Mon, 30 Mar 2026 15:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 30 Mar 2026 07:15:00 +0000

Type: First Time appeared
Values Added: Sinaptik Ai; Sinaptik Ai pandasai

Type: Vendors & Products
Values Added: Sinaptik Ai; Sinaptik Ai pandasai

Sat, 28 Mar 2026 12:45:00 +0000

Type: Description
Values Added: A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function is_sql_query_safe of the file pandasai/helpers/sql_sanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Type: Title
Values Added: Sinaptik AI PandasAI sql_sanitizer.py is_sql_query_safe path traversal

Type: Weaknesses
Values Added: CWE-22

Type: References

Type: Metrics
Values Added:
cvssV2_0 {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}
cvssV3_0 {'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}
cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}
cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-30T14:53:16.850Z

Reserved: 2026-03-27T13:48:11.424Z

Link: CVE-2026-4997

Vulnrichment

Updated: 2026-03-30T13:14:41.117Z

NVD

Status: Deferred

Published: 2026-03-28T13:16:34.803

Modified: 2026-04-24T16:36:24.067

Link: CVE-2026-4997

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T06:59:05Z

Weaknesses