Which versions of Pandasai are affected by CVE-2026-4998?

Sinaptik AI PandasAI versions up to 3.0.0 contain a code injection vulnerability in the Chat Message Handler that allows unauthenticated attackers to execute arbitrary code remotely, with publicly…

Is there a public PoC exploit available for CVE-2026-4998?

Yes, a public proof-of-concept exploit is available for CVE-2026-4998. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-4998?

Within 24 hours: Inventory all systems running Sinaptik AI PandasAI up to version 3.0.0 and isolate affected instances from production networks if possible. Within 7 days: Implement network-level access controls to restrict inbound connections to PandasAI services (disable or firewall the Chat Message Handler endpoint); evaluate alternative data analysis tools without this vulnerability. Within 30 days: Either migrate to a patched successor product (contact vendor for timeline), retire PandasAI entirely, or implement application-level request validation and code execution sandboxing if continuation is mandatory.

Pandasai CVE-2026-4998

Q: What is the CVSS score of CVE-2026-4998?

CVE-2026-4998 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-16925 MEDIUM

Code Injection (CWE-94)

2026-03-28 VulDB

Code Injection RCE Pandasai

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Mar 30, 2026 - 13:26 vuln.today

Public exploit code

EUVD ID Assigned

Mar 28, 2026 - 13:45 euvd

EUVD-2026-16925

Analysis Generated

Mar 28, 2026 - 13:45 vuln.today

CVE Published

Mar 28, 2026 - 13:15 nvd

MEDIUM 6.9

DescriptionCVE.org

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/code_execution/code_executor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Code injection in Sinaptik AI PandasAI versions up to 3.0.0 allows unauthenticated remote attackers to execute arbitrary code via the CodeExecutor.execute function in the Chat Message Handler component. CVSS 7.3 (High) with network attack vector, low complexity, and no authentication required. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	Real-world risk is elevated and warrants immediate attention. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An unauthenticated remote attacker identifies a PandasAI-powered web application that accepts natural language queries for data analysis. Using the publicly available exploit code from https://gist.github.com/YLChen-007/78ed1dbcccdb8895adb230dddde3316d, the attacker crafts a malicious chat message containing Python code injection payloads (e.g., importing os module and executing system commands). …
Remediation	No vendor-released patch identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running Sinaptik AI PandasAI up to version 3.0.0 and isolate affected instances from production networks if possible. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-4998 vulnerability details – vuln.today

Back