CVE-2026-3409
Received Received - Intake
Remote Code Injection in eosphoros-ai db-gpt Flow Import Endpoint

Publication date: 2026-03-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-02
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-3409
EUVD
EUVD-2026-9142
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eosphoros-ai db-gpt 0.7.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-3409 is a critical security vulnerability in eosphoros-ai db-gpt version 0.7.5, specifically in the Flow Import Endpoint at /api/v1/serve/awel/flow/import. The flaw allows an attacker to upload a specially crafted ZIP file containing a Python package with malicious code. When the server processes this ZIP file, it executes the malicious Python code without any validation or sandboxing using Python's importlib.machinery.SourceFileLoader.exec_module() function."}, {'type': 'paragraph', 'content': 'The vulnerability is worsened by the fact that authentication is bypassed for all /api/v1 paths, allowing unauthenticated remote attackers to exploit this issue. The attack involves uploading a ZIP file with a manifest declaring the package as Python code, which leads to execution of the malicious __init__.py file on the server.'}] [1, 2]

Impact Analysis

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on the affected server with root privileges. This can lead to full server compromise, including data exfiltration, installation of persistent backdoors, and complete loss of confidentiality, integrity, and availability of the system.

  • Remote Code Execution (RCE) with root privileges.
  • Bypassing authentication mechanisms.
  • Potential full server takeover and persistent backdoor installation.
  • Data theft or destruction.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to exploit the vulnerable endpoint with a crafted ZIP file containing malicious Python code and verifying if the code executes on the target system.'}, {'type': 'paragraph', 'content': 'A suggested detection method involves sending a POST request to the vulnerable endpoint /api/v1/serve/awel/flow/import with a ZIP file containing a dbgpts.toml manifest specifying definition_type="python" and an __init__.py file with code that creates a detectable artifact.'}, {'type': 'paragraph', 'content': 'For example, you can use the following curl command to test the vulnerability:'}, {'type': 'list_item', 'content': 'curl -X POST "http://localhost:5670/api/v1/serve/awel/flow/import" -F "[email\xa0protected]" -F "save_flow=false"'}, {'type': 'paragraph', 'content': 'After sending the request, check for the presence of the artifact created by the malicious code, such as a file /tmp/pwned inside the container:'}, {'type': 'list_item', 'content': 'docker exec <container> cat /tmp/pwned'}, {'type': 'paragraph', 'content': 'If the file contains the expected string (e.g., "RCE!"), the system is vulnerable.'}] [1]

Mitigation Strategies

Currently, there are no known mitigations or countermeasures available for this vulnerability.

The vendor was contacted but did not respond, and no patches or fixes have been released.

The recommended immediate step is to replace or disable the affected product (eosphoros-ai db-gpt version 0.7.5) to prevent exploitation.

Additionally, restricting network access to the vulnerable endpoint and monitoring for suspicious POST requests to /api/v1/serve/awel/flow/import may help reduce risk until a fix is available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3409. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart