Skip to main content

Aix Db EUVD-2026-14262

| CVE-2026-4530 LOW
SQL Injection (CWE-89)
2026-03-21 VulDB GHSA-3p66-hvjq-gcvr
SQLi Aix Db
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
4.8 (MEDIUM) 1.9 (LOW)
CVSS changed
Apr 24, 2026 - 16:37 NVD
5.3 (MEDIUM) 4.8 (MEDIUM)
PoC Detected
Mar 23, 2026 - 14:31 vuln.today
Public exploit code
EUVD ID Assigned
Mar 21, 2026 - 23:45 euvd
EUVD-2026-14262
Analysis Generated
Mar 21, 2026 - 23:45 vuln.today
CVE Published
Mar 21, 2026 - 23:32 nvd
MEDIUM 5.3

DescriptionCVE.org

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

SQL injection in apconw Aix-DB through the terminology_retriever.py module allows local attackers to manipulate the Description argument and execute arbitrary SQL commands. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment While the CVSS v3.1 base score of 5.3 is moderate (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), multiple factors elevate real-world risk substantially. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated user with local access to a system running Aix-DB submits a malicious Description string containing SQL metacharacters (e.g., a single quote followed by UNION SELECT or DROP TABLE statements) through the terminology_retriever interface. Because the input is not properly parameterized, the injected SQL is concatenated directly into the query executed by the database backend. …
Remediation Immediate action: upgrade to any version of apconw Aix-DB released after 1.2.3 if available; however, given the vendor's non-responsiveness, verify any upgrade with apconw directly or review GitHub/security advisory channels. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 30 days: Identify affected systems running apconw Aix-DB and apply vendor patches as part of regular patch cycle. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-14262 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy