{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32949", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T00:05:53.284Z", "datePublished": "2026-03-20T04:08:43.142Z", "dateUpdated": "2026-03-20T19:50:35.555Z"}, "containers": {"cna": {"title": "SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-73", "lang": "en", "description": "CWE-73: External Control of File Name or Path", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/dataease/SQLBot/security/advisories/GHSA-wqj3-xcxf-j9m9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dataease/SQLBot/security/advisories/GHSA-wqj3-xcxf-j9m9"}, {"name": "https://github.com/dataease/SQLBot/commit/ff98514827bad99b8fa4b39385adecc6e3d44355", "tags": ["x_refsource_MISC"], "url": "https://github.com/dataease/SQLBot/commit/ff98514827bad99b8fa4b39385adecc6e3d44355"}, {"name": "https://github.com/dataease/SQLBot/releases/tag/v1.7.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/dataease/SQLBot/releases/tag/v1.7.0"}], "affected": [{"vendor": "dataease", "product": "SQLBot", "versions": [{"version": "< 1.7.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T04:08:43.142Z"}, "descriptions": [{"lang": "en", "value": "SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the /api/v1/datasource/check endpoint by configuring a forged MySQL data source with a malicious parameter extraJdbc=\"local_infile=1\". When the SQLBot backend attempts to verify the connectivity of this data source, an attacker-controlled Rogue MySQL server issues a malicious LOAD DATA LOCAL INFILE command during the MySQL handshake. This forces the target server to read arbitrary files from its local filesystem (such as /etc/passwd or configuration files) and transmit the contents back to the attacker. This issue was fixed in version 1.7.0."}], "source": {"advisory": "GHSA-wqj3-xcxf-j9m9", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T19:49:54.383497Z", "id": "CVE-2026-32949", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T19:50:35.555Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32949", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-20T19:49:54.383497Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T19:50:19.414Z"}}], "cna": {"title": "SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL", "source": {"advisory": "GHSA-wqj3-xcxf-j9m9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "dataease", "product": "SQLBot", "versions": [{"status": "affected", "version": "< 1.7.0"}]}], "references": [{"url": "https://github.com/dataease/SQLBot/security/advisories/GHSA-wqj3-xcxf-j9m9", "name": "https://github.com/dataease/SQLBot/security/advisories/GHSA-wqj3-xcxf-j9m9", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/dataease/SQLBot/commit/ff98514827bad99b8fa4b39385adecc6e3d44355", "name": "https://github.com/dataease/SQLBot/commit/ff98514827bad99b8fa4b39385adecc6e3d44355", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/dataease/SQLBot/releases/tag/v1.7.0", "name": "https://github.com/dataease/SQLBot/releases/tag/v1.7.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the /api/v1/datasource/check endpoint by configuring a forged MySQL data source with a malicious parameter extraJdbc=\"local_infile=1\". When the SQLBot backend attempts to verify the connectivity of this data source, an attacker-controlled Rogue MySQL server issues a malicious LOAD DATA LOCAL INFILE command during the MySQL handshake. This forces the target server to read arbitrary files from its local filesystem (such as /etc/passwd or configuration files) and transmit the contents back to the attacker. This issue was fixed in version 1.7.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T04:08:43.142Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32949", "state": "PUBLISHED", "dateUpdated": "2026-03-20T19:50:35.555Z", "dateReserved": "2026-03-17T00:05:53.284Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-20T04:08:43.142Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fit2cloud:sqlbot:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DFA6724-2EE1-4320-88E5-224E6C72E04D", "versionEndExcluding": "1.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the /api/v1/datasource/check endpoint by configuring a forged MySQL data source with a malicious parameter extraJdbc=\"local_infile=1\". When the SQLBot backend attempts to verify the connectivity of this data source, an attacker-controlled Rogue MySQL server issues a malicious LOAD DATA LOCAL INFILE command during the MySQL handshake. This forces the target server to read arbitrary files from its local filesystem (such as /etc/passwd or configuration files) and transmit the contents back to the attacker. This issue was fixed in version 1.7.0."}, {"lang": "es", "value": "SQLBot es un sistema inteligente de consulta de datos basado en un modelo de lenguaje grande y RAG. Las versiones anteriores a la 1.7.0 contienen una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) que permite a un atacante recuperar archivos arbitrarios del sistema y de la aplicaci\u00f3n del servidor. Un atacante puede explotar el endpoint /api/v1/datasource/check configurando una fuente de datos MySQL falsificada con un par\u00e1metro malicioso extraJdbc='local_infile=1'. Cuando el backend de SQLBot intenta verificar la conectividad de esta fuente de datos, un servidor MySQL Rogue controlado por el atacante emite un comando LOAD DATA LOCAL INFILE malicioso durante el handshake de MySQL. Esto obliga al servidor objetivo a leer archivos arbitrarios de su sistema de archivos local (como /etc /passwd o archivos de configuraci\u00f3n) y a transmitir el contenido de vuelta al atacante. Este problema fue solucionado en la versi\u00f3n 1.7.0."}], "id": "CVE-2026-32949", "lastModified": "2026-03-23T17:35:16.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T05:16:14.387", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/dataease/SQLBot/commit/ff98514827bad99b8fa4b39385adecc6e3d44355"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/dataease/SQLBot/releases/tag/v1.7.0"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/dataease/SQLBot/security/advisories/GHSA-wqj3-xcxf-j9m9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}, {"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.7.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "SQLBot", "source": "cna", "vendor": "dataease"}, "product": "sqlbot", "vendor": "dataease"}], "analysis": {"en": {"generated_at": "2026-03-23T18:27:58.392500+00:00", "value": {"mitigation_remediation": ["Upgrade SQLBot to version 1.7.0 or later to eliminate the SSRF and local file read vulnerability.", "Disable the local_infile option or block external MySQL connections used in data source configurations if upgrade is not immediately feasible.", "Restrict access to the /api/v1/datasource/check endpoint to trusted administrators or network segments.", "Monitor logs for unexpected LOAD DATA LOCAL INFILE usage and unauthorized data source checks."], "summary": {"action": "Apply Patch", "impact": "Arbitrary File Read"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all releases of SQLBot before version 1.7.0, including the dataease:SQLBot product. It applies to environments that expose the /api/v1/datasource/check endpoint and permit configuration of external MySQL data sources with the local_infile option enabled.", "description_and_impact": "SQLBot, an intelligent data query system, contains a server\u2011side request forgery flaw that lets an attacker configure a forged MySQL data source with a malicious parameter. During connectivity checks, the backend handshakes with a rogue MySQL server that issues a LOAD DATA LOCAL INFILE command, forcing the SQLBot server to read any file it can access and return the contents to the attacker. This yields arbitrary file read, compromising sensitive configuration, credential, or user data.", "risk_and_exploitability": "The CVSS score of 8.7 classifies the flaw as high severity. EPSS is below 1%, indicating that exploiting this vulnerability is currently unlikely, and it is not listed in the CISA KEV catalog. Nevertheless, the attack can be carried out remotely by sending a crafted request to the exposed endpoint; the attacker only needs to set up a rogue MySQL server with the malicious LOAD DATA LOCAL INFILE statement. Because the flaw succeeds in reading arbitrary files, the potential impact on confidentiality is significant, and the exploitation does not require privileged access beyond the exposed API."}}}}, "created": "2026-03-20T08:52:41.555003+00:00", "updated": "2026-03-25T14:09:21.709271+00:00", "vendors": ["dataease", "dataease$PRODUCT$sqlbot"]}