CVE-2026-3409 | eosphoros-ai db-gpt 0.7.5 Flow Import Endpoint import importlib.machinery.SourceFileLoader.exec_module code injection

Inserito da Angelo Barbosa | Mar 1, 2026 | CVE

A vulnerability marked as critical has been reported in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation results in code injection.

This vulnerability was named CVE-2026-3409. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3409 | eosphoros-ai db-gpt 0.7.5 Flow Import Endpoint import importlib.machinery.SourceFileLoader.exec_module code injection

Post correlati

CVE-2026-0705 | Acronis Cloud Manager 6.2.23089.203/6.2.24135.272 on Windows default permission

CVE-2023-52311 | Paddle up to 2.5.x _wget_download os command injection (pdsa-2023-020)

CVE-2025-9042 | Rockwell Automation FLEX 5000 IO improper validation of specified type of input

CVE-2024-30806 | Axiomatic Bento4 1.6.0-641-2-g1529b83 Ap4Dec3Atom.cpp AP4_Dec3Atom denial of service