CVE-2026-4530: A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/tex
medium vulnerability
security
Summary
A SQL injection vulnerability (CVE-2026-4530) has been found in apconw Aix-DB up to version 1.2.3. An attacker can manipulate the Description argument in the file agent/text2sql/rag/terminology_retriever.py to execute unauthorized SQL commands. (SQL injection is a type of attack in which an attacker inserts malicious database commands into input fields.) The attack requires local access, the exploit is public, and the vendor has not responded to the disclosure.
Vulnerability Details
CVSS Score: 5.3 (medium)
EPSS (30-day exploit probability): 0.0%
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Disclosure Date: March 21, 2026
Classification
Attack Sophistication: Trivial
Impact (CIA+S): confidentiality, integrity
AI Component Targeted: RAG
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-4530
First tracked: March 22, 2026 at 02:07 AM
Classified by LLM (prompt v3) · confidence: 75%