CVE-2026-32950

CVE-2026-32950 is a critical SQL injection vulnerability in SQLBot, an intelligent data query system based on a large language model and retrieval-augmented generation (RAG), affecting versions prior to 1.7.0. The issue occurs in the /api/v1/datasource/uploadExcel endpoint due to two root causes: Excel sheet names are concatenated directly into PostgreSQL table names without sanitization (datasource.py#L351), and these table names are embedded into COPY SQL statements via f-strings rather than parameterized queries (datasource.py#L385-L388). Rated at CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and mapped to CWE-78 (OS Command Injection) and CWE-89 (SQL Injection), it enables remote code execution (RCE).

Any authenticated user, even those with the lowest privileges, can exploit the vulnerability to fully compromise the backend server. The attack employs a two-stage technique to bypass the 31-character sheet name limit: first, uploading a normal Excel file whose data rows contain shell commands, followed by an XML-tampered file whose sheet name injects a TO PROGRAM 'sh' clause into the SQL. Confirmed impacts include arbitrary command execution as the postgres user (uid=999), sensitive file exfiltration (e.g., /etc/passwd, /etc/shadow), and complete PostgreSQL database takeover.

The vulnerability was addressed in SQLBot version 1.7.0. Mitigation details are outlined in the GitHub security advisory (GHSA-7hww-8rj5-7rmm), release notes for v1.7.0, and the fixing commit (39f2203cec4bb4b0aa541710733fe7608e3d3c48). Security practitioners should upgrade to 1.7.0 or later and review access controls for the affected endpoint.

As an LLM-based system, SQLBot's flaw highlights risks in AI/ML-integrated tools handling untrusted uploads and database interactions, though no real-world exploitation has been reported in available data.