CVE-2026-42463: SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cr
Summary
SQLBot is a Text-to-SQL system (software that converts natural language questions into database queries) that uses large language models and RAG (retrieval-augmented generation, where the model pulls in external documents to answer questions). Before version 1.8.0, it had an IDOR vulnerability (insecure direct object reference, where an attacker reaches resources belonging to other users by manipulating request parameters, because the server does not check that the caller is authorized for the referenced object), allowing attackers to access and modify database schemas and data belonging to other workspaces or organizations.
Solution / Mitigation
This vulnerability is fixed in version 1.8.0. Users should upgrade SQLBot to 1.8.0 or later.
Vulnerability Details
EPSS: 0.0%
May 13, 2026
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-42463
First tracked: May 13, 2026 at 08:10 PM
Classified by LLM (prompt v3) · confidence: 85%