| Title | Dataease SQLbot <= v1.6.0 Server-Side Request Forgery |
|---|
| Description | ### Vulnerability Description
[SQLBot](https://github.com/dataease/SQLBot) is an intelligent data query system based on large language models and RAG, meticulously crafted by the DataEase open-source project team. With SQLBot, users can perform conversational data analysis (ChatBI), quickly extracting the necessary data information and visualizations, and supporting further intelligent analysis.
In `backend/apps/db/es_engine.py`, the Elasticsearch query function directly uses user-provided `host` parameter to make HTTP requests without validating the target address, leading to Server-Side Request Forgery (SSRF). Attackers can use this to scan internal networks, access cloud metadata services, and exploit internal services.
### Affected Versions
SQLBot ≤ 1.6.0 |
|---|
| Source | ⚠️ https://www.notion.so/SQLbot-SSRF-in-Elasticsearch-Unvalidated-Requests-2afea92a3c4180bea524f1a253f8d9a0 |
|---|
| User | din4 (UID 50867) |
|---|
| Submission | 02/11/2026 04:44 (2 months ago) |
|---|
| Moderation | 04/02/2026 13:02 (2 months later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 354854 [Dataease SQLbot up to 1.6.0 Elasticsearch es_engine.py get_es_data_by_http address server-side request forgery] |
|---|
| Points | 17 |
|---|