CVE-2026-4997
Path Traversal in Sinaptik AI PandasAI SQL Sanitizer Allows Remote Exploits
Publication date: 2026-03-28
Last updated on: 2026-03-28
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sinaptik | ai_pandasai | to 3.0.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Sinaptik AI PandasAI up to version 3.0.0, specifically in the function is_sql_query_safe within the file pandasai/helpers/sql_sanitizer.py.
The flaw allows an attacker to perform a path traversal attack by manipulating the function, potentially enabling unauthorized access to files.
The attack can be initiated remotely, and the exploit code has already been publicly released.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized reading of files on the system where Sinaptik AI PandasAI is running.
Since the attack can be performed remotely without authentication, it increases the risk of sensitive data exposure.
The CVSS v3.1 score of 5.3 indicates a medium severity impact, primarily affecting confidentiality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in Sinaptik AI PandasAI allows for path traversal via the is_sql_query_safe function, which can lead to unauthorized arbitrary file read. This type of security flaw can potentially expose sensitive data if exploited.
Exposure of sensitive data through such vulnerabilities can impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and health information against unauthorized access.
However, the provided information does not explicitly detail the direct impact on compliance or specific regulatory consequences.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking for exploitation attempts targeting the is_sql_query_safe function in pandasai/helpers/sql_sanitizer.py, particularly those attempting path traversal via SQL query manipulation.
Since the exploit involves arbitrary file read via DuckDB's read_csv_auto() bypass, monitoring logs for unusual SQL queries or file access patterns related to DuckDB or PandasAI usage can help detect exploitation.
Specific commands are not provided in the resources, but general approaches include:
- Review application logs for suspicious SQL queries that include path traversal characters such as '../' or absolute file paths.
- Use network monitoring tools to detect unusual remote requests targeting the vulnerable function.
- If you have access to the environment running PandasAI, you can attempt to reproduce the exploit in a controlled manner to confirm vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable application and monitoring for exploitation attempts.
Since the vulnerability allows remote path traversal via the is_sql_query_safe function, it is important to:
- Limit network exposure of the Sinaptik AI PandasAI service to trusted users only.
- Implement input validation and sanitization to prevent malicious SQL queries from reaching the vulnerable function.
- Apply any available patches or updates from the vendor once they become available.
- In the absence of vendor response, consider disabling or isolating the vulnerable functionality until a fix is released.