CVE-2026-3409
Remote Code Injection in eosphoros-ai db-gpt Flow Import Endpoint
Publication date: 2026-03-02
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eosphoros-ai | db-gpt | 0.7.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3409 is a critical security vulnerability in eosphoros-ai db-gpt version 0.7.5, specifically in the Flow Import Endpoint at /api/v1/serve/awel/flow/import. The flaw allows an attacker to upload a specially crafted ZIP file containing a Python package with malicious code. When the server processes this ZIP file, it executes the malicious Python code without any validation or sandboxing using Python's importlib.machinery.SourceFileLoader.exec_module() function.

The vulnerability is worsened by the fact that authentication is bypassed for all /api/v1 paths, allowing unauthenticated remote attackers to exploit this issue. The attack involves uploading a ZIP file with a manifest declaring the package as Python code, which leads to execution of the malicious __init__.py file on the server. [1, 2]
How can this vulnerability impact me?
This vulnerability allows unauthenticated remote attackers to execute arbitrary code on the affected server with root privileges. This can lead to full server compromise, including data exfiltration, installation of persistent backdoors, and complete loss of confidentiality, integrity, and availability of the system.
- Remote Code Execution (RCE) with root privileges.
- Bypassing authentication mechanisms.
- Potential full server takeover and persistent backdoor installation.
- Data theft or destruction.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to exploit the vulnerable endpoint with a crafted ZIP file containing malicious Python code and verifying if the code executes on the target system.

A suggested detection method involves sending a POST request to the vulnerable endpoint /api/v1/serve/awel/flow/import with a ZIP file containing a dbgpts.toml manifest specifying definition_type="python" and an __init__.py file with code that creates a detectable artifact.

For example, you can use the following curl command to test the vulnerability:

- curl -X POST "http://localhost:5670/api/v1/serve/awel/flow/import" -F "[email protected]" -F "save_flow=false"

After sending the request, check for the presence of the artifact created by the malicious code, such as a file /tmp/pwned inside the container:

- docker exec <container> cat /tmp/pwned

If the file contains the expected string (e.g., "RCE!"), the system is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
Currently, there are no known mitigations or countermeasures available for this vulnerability.
The vendor was contacted but did not respond, and no patches or fixes have been released.
The recommended immediate step is to replace or disable the affected product (eosphoros-ai db-gpt version 0.7.5) to prevent exploitation.
Additionally, restricting network access to the vulnerable endpoint and monitoring for suspicious POST requests to /api/v1/serve/awel/flow/import may help reduce risk until a fix is available.
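A pre-import check that an upload filter or reverse proxy could apply while the endpoint remains reachable, as an added example that is not DB-GPT's code or part of the advisory: it flags archives whose dbgpts.toml declares definition_type="python" or that carry Python files. The function names, the regex match on the manifest, the read limit, and the sample archives are assumptions constructed here.

```python
import io
import re
import zipfile

# Manifest name and key are taken from the advisory text; matching them by regex is a heuristic.
MANIFEST_NAME = "dbgpts.toml"
PY_DEFINITION = re.compile(r"""^\s*definition_type\s*=\s*["']python["']""", re.M | re.I)
MAX_MANIFEST_BYTES = 64 * 1024  # assumed cap so a huge "manifest" is never fully inflated


def inspect_flow_zip(data: bytes) -> list[str]:
    """Return reasons to reject an uploaded flow package (empty list = no findings)."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    findings = []
    with archive:
        for info in archive.infolist():
            base = info.filename.rsplit("/", 1)[-1].lower()
            if base.endswith((".py", ".pyc", ".pyd", ".so")):
                findings.append(f"executable Python content: {info.filename}")
            if base == MANIFEST_NAME:
                with archive.open(info) as fh:  # bounded read of the manifest
                    text = fh.read(MAX_MANIFEST_BYTES).decode("utf-8", "replace")
                if PY_DEFINITION.search(text):
                    findings.append(f"manifest declares Python package: {info.filename}")
    return findings


def _build_zip(files: dict[str, str]) -> bytes:
    """Build an in-memory ZIP for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: a JSON-only package and one shaped like the package the advisory describes.
BENIGN = _build_zip({"flow/dbgpts.toml": 'definition_type = "json"\n',
                     "flow/definition.json": "{}"})
SUSPECT = _build_zip({"pkg/dbgpts.toml": '[flow]\ndefinition_type = "python"\n',
                      "pkg/__init__.py": "print('placeholder')\n"})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, inspect_flow_zip(blob) or "no findings")
```

Any non-empty result should block the upload before it reaches the import endpoint and should be logged with the client address for follow-up.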