CVE-2026-5586 | zhongyu09 openchatbi up to 0.2.1 Multi-stage Text2SQL Workflow keywords sql injection

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability categorized as critical has been discovered in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection.

The identification of this vulnerability is CVE-2026-5586. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5586 | zhongyu09 openchatbi up to 0.2.1 Multi-stage Text2SQL Workflow keywords sql injection

Post correlati

CVE-2026-1124 | Yonyou KSOA 9.0 HTTP GET Parameter work_report.jsp ID sql injection

CVE-2026-24409 | InternationalColorConsortium iccDEV up to 2.3.1.1/2.3.1.2 ParseXml input validation (ID 484)

CVE-2025-13434 | jameschz Hush Framework 2.0 HTTP Host Header Util.php $_SERVER[‘HOST’] http headers for scripting syntax

CVE-2024-0155 | Dell Digital Delivery prior 5.0.86.0 use after free (dsa-2024-033)