CVE-2024-12366: PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that c
Summary
PandasAI contains a vulnerability where its interactive prompt function can be exploited through prompt injection (tricking the AI by hiding instructions in its input), allowing attackers to run arbitrary Python code and achieve RCE (remote code execution, where an attacker can run commands on a system they don't own) instead of just getting explanations from the language model.
Vulnerability Details
9.8(critical)
EPSS: 1.2%
Classification
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-12366
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 85%