CVE-2026-4504 | eosphoros-ai db-gpt up to 0.7.5 Incomplete Fix /api/v1/editor/ sql injection

Inserito da Angelo Barbosa | Mar 20, 2026 | CVE

A vulnerability marked as critical has been reported in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection.

The identification of this vulnerability is CVE-2026-4504. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4504 | eosphoros-ai db-gpt up to 0.7.5 Incomplete Fix /api/v1/editor/ sql injection

Post correlati

CVE-2024-36843 | libmodbus 3.1.6 modbus_mapping_free heap-based overflow

CVE-2024-27033 | Linux Kernel up to 6.6.22/6.7.10/6.8.1 f2fs_bug_on denial of service

CVE-2024-25957 | Dell Grab up to 5.0.4 on Windows appsync log file (dsa-2024-121)

CVE-2019-20457 | Brother MFC-J491DW C1806180757 Password Hash authentication replay