CVE-2026-4997
Received Received - Intake
Path Traversal in Sinaptik AI PandasAI SQL Sanitizer Allows Remote Exploits

Publication date: 2026-03-28

Last updated on: 2026-03-28

Assigner: VulDB

Description
A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function is_sql_query_safe of the file pandasai/helpers/sql_sanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-28
Last Modified
2026-03-28
Generated
2026-06-16
AI Q&A
2026-03-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4997
EUVD
EUVD-2026-16924
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sinaptik ai_pandasai to 3.0.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Sinaptik AI PandasAI up to version 3.0.0, specifically in the function is_sql_query_safe within the file pandasai/helpers/sql_sanitizer.py.

The flaw allows an attacker to perform a path traversal attack by manipulating the function, potentially enabling unauthorized access to files.

The attack can be initiated remotely, and the exploit code has already been publicly released.

Impact Analysis

The vulnerability can lead to unauthorized reading of files on the system where Sinaptik AI PandasAI is running.

Since the attack can be performed remotely without authentication, it increases the risk of sensitive data exposure.

The CVSS v3.1 score of 5.3 indicates a medium severity impact, primarily affecting confidentiality.

Compliance Impact

The vulnerability in Sinaptik AI PandasAI allows for path traversal via the is_sql_query_safe function, which can lead to unauthorized arbitrary file read. This type of security flaw can potentially expose sensitive data if exploited.

Exposure of sensitive data through such vulnerabilities can impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and health information against unauthorized access.

However, the provided information does not explicitly detail the direct impact on compliance or specific regulatory consequences.

Detection Guidance

Detection of this vulnerability involves checking for exploitation attempts targeting the is_sql_query_safe function in pandasai/helpers/sql_sanitizer.py, particularly those attempting path traversal via SQL query manipulation.

Since the exploit involves arbitrary file read via DuckDB's read_csv_auto() bypass, monitoring logs for unusual SQL queries or file access patterns related to DuckDB or PandasAI usage can help detect exploitation.

Specific commands are not provided in the resources, but general approaches include:

  • Review application logs for suspicious SQL queries that include path traversal characters such as '../' or absolute file paths.
  • Use network monitoring tools to detect unusual remote requests targeting the vulnerable function.
  • If you have access to the environment running PandasAI, you can attempt to reproduce the exploit in a controlled manner to confirm vulnerability.
Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable application and monitoring for exploitation attempts.

Since the vulnerability allows remote path traversal via the is_sql_query_safe function, it is important to:

  • Limit network exposure of the Sinaptik AI PandasAI service to trusted users only.
  • Implement input validation and sanitization to prevent malicious SQL queries from reaching the vulnerable function.
  • Apply any available patches or updates from the vendor once they become available.
  • In the absence of vendor response, consider disabling or isolating the vulnerable functionality until a fix is released.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4997. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart