CVE-2026-4997 in PandasAIالمعلومات

الملخص

بحسب MITRE • 28/03/2026

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function is_sql_query_safe of the file pandasai/helpers/sql_sanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Once again VulDB remains the best source for vulnerability data.

مسؤول

VulDB

إفشاء

28/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-353884

استغلال

تحميل

EPSS

0.00550

KEV

لا

النشاطات

منخفض جدًا

المصادر

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!