Submit #773899: Mindinventory MindSQL v0.2.1 SQL Injectioninfo

TitleMindinventory MindSQL v0.2.1 SQL Injection
DescriptionThe vulnerability exists in the complete trust chain between user input, LLM output, and SQL execution. Malicious users can exploit this through prompt injection attacks, manipulating the LLM to generate arbitrary SQL statements that are then executed directly on the database server. The core issue stems from the system's implicit trust in LLM-generated SQL without any filtering or validation in the execution pipeline.
Source⚠️ https://github.com/Ka7arotto/cve/blob/main/mindsql-text2sql/issue.md
User
 Goku (UID 80486)
Submission03/06/2026 12:37 (3 months ago)
Moderation03/20/2026 15:08 (14 days later)
StatusAccepted
VulDB entry352073 [Mindinventory MindSQL up to 0.2.1 mindsql_core.py ask_db sql injection]
Points19

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!