pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query component.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Sinaptik-ai
  • Pandas-ai

No data.

No data.

References
Link Providers
https://gist.github.com/CafeD1/21c32edbf1b63fd88a79c290ed2a8059 cve-icon cve-icon
https://github.com/sinaptik-ai/pandas-ai cve-icon cve-icon
History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Sinaptik-ai
Sinaptik-ai pandas-ai
Vendors & Products Sinaptik-ai
Sinaptik-ai pandas-ai

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title SQL Injection via pandas‑ai _execute_sql_query in v3.0.0

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query component.
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-04-01T00:00:00.000Z

Updated: 2026-04-01T18:19:20.151Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30273

cve-icon Vulnrichment

Updated: 2026-04-01T18:17:36.736Z

cve-icon NVD

Status : Received

Published: 2026-04-01T17:28:38.733

Modified: 2026-04-01T19:16:29.237

Link: CVE-2026-30273

cve-icon Redhat

No data.