CVE-2026-33324
Last updated May 05, 2026 · Published May 05, 2026
Description
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and the SQL extracted from the LLM response is executed against the database without validation or sanitization. An authenticated attacker can craft a malicious question to manipulate the LLM into generating and executing arbitrary SQL statements. When connected to a PostgreSQL data source, this can lead to remote code execution via COPY FROM PROGRAM. This issue has been fixed in version 1.7.1.
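A fail-closed gate for the second half of the flaw described above (SQL extracted from the LLM response being executed without validation), as an added example. It is not SQLBot's code or the 1.7.1 fix; the function name, keyword list and the queries used to exercise it are assumptions constructed for illustration.

```python
import re

# Quoted tokens: '...' string literals and "..." identifiers (doubled quote = escape).
QUOTED = re.compile(r"'(?:[^']|'')*'|\"(?:[^\"]|\"\")*\"")
# Constructs that could make the masking below disagree with PostgreSQL's lexer
# (comments, backslash escapes, dollar-quoting). Refused outright, even in literals.
AMBIGUOUS = ("--", "/*", "\\", "$")
# Keywords with no place in a read-only analytics query (assumed list, tune per site).
FORBIDDEN = {"copy", "insert", "update", "delete", "merge", "into", "drop", "alter",
             "create", "truncate", "grant", "revoke", "call", "do", "execute",
             "set", "reset", "listen", "notify", "vacuum", "lock", "prepare"}


def check_generated_sql(sql: str) -> tuple[bool, str]:
    """Return (allowed, reason) for SQL extracted from an LLM response."""
    text = sql.strip()
    if text.endswith(";"):
        text = text[:-1].rstrip()          # tolerate one trailing terminator
    for marker in AMBIGUOUS:
        if marker in text:
            return False, f"ambiguous construct {marker!r}"
    masked = QUOTED.sub(" ", text)          # drop literals and quoted identifiers
    if "'" in masked or '"' in masked:
        return False, "unbalanced quote"
    if ";" in masked:
        return False, "multiple statements"
    words = re.findall(r"[a-z_][a-z0-9_]*", masked.lower())
    if not words or words[0] not in ("select", "with"):
        return False, "not a SELECT"
    hit = FORBIDDEN.intersection(words)     # catches data-modifying CTEs, SELECT INTO
    if hit:
        return False, f"forbidden keyword {sorted(hit)[0]!r}"
    return True, "ok"
```

Treat this as one layer only: a keyword gate cannot judge which functions a SELECT calls, so the data source account should also be a read-only, non-superuser role. PostgreSQL permits COPY ... FROM PROGRAM only to superusers and members of pg_execute_server_program.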
Affected products
1 listed
- dataease:SQLBot
Mappings
CWE
CAPEC
None listed.
Related
Guides
- SQL Injection Prevention with Prisma: Safe patterns for raw queries and dynamic filters.
- Prompt injection prevention: a practical guide for LLM applications. Prompt injection is the SQL injection of LLM applications. Separate trusted instructions from user input, gate…
- LLM Tool-Calling Security: Allowlists, validation, and least-privilege execution.
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use.
