SQL Injection Vulnerability in Pandas-AI by Sinaptik AI
CVE-2026-30273

7.3HIGH

Key Information:

Vendor: Sinaptik AI
Status: Pandas-AI
Vendor: CVE Published:; 1 April 2026

🔔 Create Sinaptik AI Vulnerability Alert

What is CVE-2026-30273?

A SQL injection vulnerability has been identified in Pandas-AI v3.0.0, specifically within the pandasai.agent.base._execute_sql_query component. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized data exposure or manipulation. Users of this software should take immediate action to assess their environment and implement necessary security measures to mitigate potential risks associated with this vulnerability.

References

https://github.com/sinaptik-ai/pandas-ai

https://gist.github.com/CafeD1/21c32edbf1b63fd88a79c290ed...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2026
Vulnerability Reserved
Mar 4, 2026

CVE-2026-30273 Data

JSON