Skip to main content

CVE-2026-30273

| EUVDEUVD-2026-17959 HIGH
SQL Injection (CWE-89)
2026-04-01 mitre GHSA-9cxr-vwm6-6vmr
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Apr 01, 2026 - 17:30 euvd
EUVD-2026-17959
Analysis Generated
Apr 01, 2026 - 17:30 vuln.today
CVE Published
Apr 01, 2026 - 00:00 nvd
HIGH 7.3

DescriptionCVE.org

pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query component.

AnalysisAI

SQL injection in pandas-ai v3.0.0 allows remote code execution through the pandasai.agent.base._execute_sql_query component, enabling attackers to manipulate SQL queries and potentially access, modify, or exfiltrate database contents. No CVSS score, EPSS data, or KEV status is available; however, the vulnerability affects a widely-used data analysis library and publicly available proof-of-concept code exists, elevating real-world risk despite incomplete severity metrics.

Technical ContextAI

pandas-ai is a Python library that integrates large language models (LLMs) with data analysis workflows, allowing natural-language querying of dataframes and databases. The vulnerability exists in the _execute_sql_query method of the pandasai.agent.base module, which handles SQL query execution. The root cause is improper input validation or parameterization when constructing SQL queries, likely resulting from unsanitized LLM-generated or user-supplied input being directly concatenated into SQL statements (CWE-89: SQL Injection). This is a critical integration point where natural-language prompts are converted to database queries, creating a natural attack surface if LLM outputs or intermediate processing steps are not properly escaped or parameterized.

RemediationAI

Immediate remediation requires upgrading pandas-ai to a patched version released by Sinaptik AI; however, no specific patched version number is confirmed in the provided data. Users should monitor the official pandas-ai GitHub repository (https://github.com/sinaptik-ai/pandas-ai) and vendor security advisories for patched release announcements. As an interim mitigation, restrict database query execution to least-privilege database accounts with minimal data access, implement input validation on user-supplied prompts before LLM processing, enforce parameterized queries (prepared statements) throughout the codebase, and disable or sandbox the pandas-ai agent component until a patch is confirmed available. Organizations should also audit database logs for evidence of SQL injection attempts or unusual query patterns.

Share

CVE-2026-30273 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy