Which versions of Pandasai are affected by CVE-2026-4996?

Sinaptik AI PandasAI versions up to 0.1.4 contain unauthenticated SQL injection vulnerabilities in database query functions that allow remote attackers to manipulate or exfiltrate data without…

Is there a public PoC exploit available for CVE-2026-4996?

Yes, a public proof-of-concept exploit is available for CVE-2026-4996. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-4996?

Within 24 hours: Identify all systems running Sinaptik AI PandasAI versions 0.1.4 and earlier; audit database access logs for anomalous queries. Within 7 days: Isolate or air-gap affected instances; disable the pandasai-lancedb extension if possible without operational impact; implement network-level access controls restricting PandasAI to trusted networks only. Within 30 days: Contact Sinaptik AI for security response status; evaluate migration to alternative data analysis libraries; upgrade to patched version immediately upon vendor release.

Pandasai CVE-2026-4996

Q: What is the CVSS score of CVE-2026-4996?

CVE-2026-4996 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-16921 MEDIUM

SQL Injection (CWE-89)

2026-03-28 VulDB

SQLi Pandasai

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Mar 30, 2026 - 13:26 vuln.today

Public exploit code

EUVD ID Assigned

Mar 28, 2026 - 11:45 euvd

EUVD-2026-16921

Analysis Generated

Mar 28, 2026 - 11:45 vuln.today

CVE Published

Mar 28, 2026 - 11:30 nvd

MEDIUM 6.9

DescriptionCVE.org

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function delete_question_and_answers/delete_docs/update_question_answer/update_docs/get_relevant_question_answers_by_id/get_relevant_docs_by_id of the file extensions/ee/vectorstores/lancedb/pandasai_lancedb/lancedb.py of the component pandasai-lancedb Extension. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

SQL injection in Sinaptik AI PandasAI versions up to 0.1.4 allows unauthenticated remote attackers to manipulate database operations through the pandasai-lancedb extension. Six functions (delete_question_and_answers, delete_docs, update_question_answer, update_docs, get_relevant_question_answers_by_id, get_relevant_docs_by_id) in lancedb.py are vulnerable to SQL injection attacks. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	This vulnerability presents significant real-world risk despite moderate CVSS 7.3 scoring. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An unauthenticated remote attacker identifies a PandasAI installation with the lancedb extension exposed to the internet. Using the publicly available exploit code from GitHub, the attacker crafts malicious SQL payloads targeting the get_relevant_question_answers_by_id function, injecting UNION-based queries to extract sensitive AI training data, proprietary question-answer pairs, or database credentials. …
Remediation	No vendor-released patch identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running Sinaptik AI PandasAI versions 0.1.4 and earlier; audit database access logs for anomalous queries. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-4996 vulnerability details – vuln.today

Back