SSRF in Dataease Sqlbot
CVE-2026-32949
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application fil…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.001 (19.1th percentile)
Affected products
- Dataease Sqlbot — versions < 1.7.0
Weakness classification (CWE)
References
- https://github.com/dataease/SQLBot/security/advisories/GHSA-wqj3-xcxf-j9m9 (x_refsource_CONFIRM)
- https://github.com/dataease/SQLBot/commit/ff98514827bad99b8fa4b39385adecc6e3d44355 (x_refsource_MISC)
- https://github.com/dataease/SQLBot/releases/tag/v1.7.0 (x_refsource_MISC)