Dataease Sqlbot
9 CVEs affecting Dataease Sqlbot. Latest disclosed: 2026-05-13. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-33324 | High | 8.8 | 2026-05-05 | SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to… |
| CVE-2026-42463 | High | 8.1 | 2026-05-13 | SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR (Insecure Direct Obj… |
| CVE-2025-15597 | Medium | 6.3 | 2026-03-02 | A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the compone… |
| CVE-2026-5417 | Medium | 4.7 | 2026-04-02 | A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of… |
| CVE-2025-15598 | Low | 3.7 | 2026-03-03 | A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the… |
| CVE-2026-32950 | | | 2026-03-20 | SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in t… |
| CVE-2026-32949 | | | 2026-03-20 | SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulner… |
| CVE-2026-32622 | | | 2026-03-19 | SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability th… |
| CVE-2025-69285 | | | 2026-01-21 | SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in t… |