CVE-2026-5586
SQL Injection in Zhongyu09 OpenChatBI Multi-stage Text2SQL Workflow
Publication date: 2026-04-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zhongyu09 | openchatbi | to 0.2.1 (inc) |
| zhongyu09 | openchatbi | to 0.8.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing strict validation and sanitization of all SQL commands generated by the openchatbi Text2SQL workflow before execution.
- Whitelist only safe SQL commands such as SELECT and block dangerous commands like `COPY FROM PROGRAM`.
- Parse and verify the SQL structure to ensure it matches expected patterns and does not contain injection payloads.
- Monitor and restrict the privileges of the PostgreSQL user account used by openchatbi to limit the impact of any potential exploitation.
- Apply any available patches or updates from the vendor once released, although the vendor has not responded to this disclosure yet.
Can you explain this vulnerability to me?
CVE-2026-5586 is a critical vulnerability in the openchatbi software (up to version 0.2.1) affecting its multi-stage Text2SQL workflow. This workflow converts user input into SQL queries executed on a PostgreSQL database. The vulnerability arises because the SQL generated by the language model is executed directly without any validation or sanitization.
An attacker can manipulate the input prompts at various stages of the workflow to inject arbitrary SQL commands. This includes dangerous PostgreSQL commands like COPY FROM PROGRAM, which can execute arbitrary system commands on the database server.
The attack flow involves manipulating the agent call tool, information extraction, schema linking, SQL generation, and finally SQL execution stages to run malicious SQL commands remotely.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including remote code execution on the PostgreSQL database server hosting openchatbi.
- Execution of arbitrary system commands on the database server.
- Exfiltration of sensitive data through arbitrary SELECT queries.
- Manipulation or destruction of data using DDL (Data Definition Language) or DML (Data Manipulation Language) statements.
- Potential full compromise of the database server, which could be used as a pivot point for further attacks within the network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or malicious SQL commands executed on the PostgreSQL database, especially those involving the use of the `COPY FROM PROGRAM` command, which is not commonly used in normal operations.
Detection can also involve reviewing logs for SQL queries generated by the openchatbi Text2SQL workflow that include suspicious keywords or commands indicative of SQL injection or prompt injection.
Suggested commands to detect exploitation attempts include querying PostgreSQL logs for the presence of `COPY FROM PROGRAM` or other unexpected SQL commands:
- grep -i 'COPY FROM PROGRAM' /var/log/postgresql/postgresql.log
- psql -U [username] -d [database] -c "SELECT query, calls, total_time FROM pg_stat_statements WHERE query LIKE '%COPY FROM PROGRAM%';"
- Check application logs for suspicious prompts or JSON outputs manipulated by the attacker in the multi-stage Text2SQL workflow.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The CVE-2026-5586 vulnerability allows attackers to execute arbitrary SQL commands and system commands on the PostgreSQL database server used by openchatbi. This can lead to unauthorized data exfiltration, data manipulation, and full database compromise.
Such unauthorized access and potential data breaches can result in non-compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls to protect sensitive personal and health information.
Specifically, the ability to exfiltrate sensitive data or manipulate/destroy data could violate confidentiality, integrity, and availability requirements mandated by these regulations.
Therefore, organizations using vulnerable versions of openchatbi may face compliance risks and potential legal and financial consequences if this vulnerability is exploited.