CVE-2026-32949: CWE-918: Server-Side Request Forgery (SSRF) in dataease SQLBot
CVE-2026-32949 is a high-severity Server-Side Request Forgery (SSRF) vulnerability in dataease SQLBot versions prior to 1.7.0. It allows unauthenticated attackers to exploit the /api/v1/datasource/check endpoint by configuring a malicious MySQL data source with the parameter extraJdbc="local_infile=1". During the backend's connectivity check, a rogue MySQL server can trigger a LOAD DATA LOCAL INFILE command, forcing the target server to read arbitrary local files and send their contents back to the attacker. This can lead to disclosure of sensitive system and application files such as /etc/passwd. The vulnerability requires no authentication or user interaction and affects the confidentiality of the server. It was fixed in version 1.7.0.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2026-32949 in dataease SQLBot (versions prior to 1.7.0) is a Server-Side Request Forgery (SSRF) flaw arising from improper handling of MySQL datasource connectivity verification. SQLBot uses a large language model with Retrieval-Augmented Generation (RAG) to answer data queries. The vulnerable endpoint, /api/v1/datasource/check, accepts datasource configurations including JDBC parameters. An attacker can craft a malicious MySQL datasource with the parameter extraJdbc="local_infile=1". When SQLBot verifies this datasource, it connects to an attacker-controlled rogue MySQL server. During the handshake, the rogue server issues a LOAD DATA LOCAL INFILE command, which instructs the SQLBot backend to read arbitrary files from its local filesystem; their contents are then transmitted back to the attacker, disclosing sensitive files such as system password or configuration files. The flaw combines the MySQL client's ability to load local files with SQLBot's lack of validation of datasource parameters and of untrusted server responses. Because it requires neither authentication nor user interaction, it is highly exploitable remotely. The issue was fixed in SQLBot version 1.7.0, presumably by restricting or sanitizing the extraJdbc parameter and preventing rogue-server commands during datasource checks.
Potential Impact
This vulnerability can have severe consequences for organizations running vulnerable versions of SQLBot. Attackers can remotely, and without authentication, retrieve sensitive files from the server hosting SQLBot, potentially exposing system credentials, configuration secrets, or other critical data. Such information disclosure can lead to further compromise, including privilege escalation, lateral movement, or data breaches. The ability to read arbitrary files undermines confidentiality and may indirectly affect integrity if attackers use the information to alter system behavior. Since SQLBot is an intelligent data query system, organizations relying on it for business intelligence or data analytics may face operational disruption or loss of trust. The vulnerability's ease of exploitation and lack of required authentication increase the risk of widespread attacks, especially where SQLBot is exposed to untrusted networks or the internet. Although no exploits in the wild have been reported yet, the high CVSS score (8.7) reflects the critical nature of this flaw and the urgency of remediation.
Mitigation Recommendations
Organizations should immediately upgrade SQLBot to version 1.7.0 or later, where this vulnerability is fixed. If upgrading is not immediately feasible, administrators should restrict access to the /api/v1/datasource/check endpoint to trusted internal networks only, using network segmentation and firewall rules. Additionally, monitoring and logging of datasource configuration attempts should be enhanced to detect suspicious or malformed datasource parameters, especially those including extraJdbc or local_infile options. Disabling or restricting the LOAD DATA LOCAL INFILE capability at the MySQL client or server level, if configurable, can reduce risk. Employing Web Application Firewalls (WAFs) with rules to detect and block SSRF patterns targeting this endpoint may provide temporary protection. Finally, conduct thorough audits of server files and credentials to identify any prior unauthorized access and implement strict access controls on sensitive files to minimize exposure.
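The parameter allowlisting and log monitoring recommended above can be made concrete. The following Python is an added, defender-side example (not SQLBot's own code): it rejects datasource extraJdbc strings that carry client-side local-file options and flags such attempts in application logs. The log line format, the allowlist contents, and the Connector/J property spellings other than local_infile are assumptions made for the example.

```python
"""Allowlist validation and log audit for MySQL datasource 'extraJdbc' strings.

Added example, not SQLBot's own code. It assumes extraJdbc is a '&'- or
';'-separated key=value string and that only the properties listed in
ALLOWED_EXTRA_PARAMS are needed by legitimate datasources.
"""
import re
from typing import Dict, List, Tuple

# Benign connection properties a datasource form may legitimately set (assumption).
# Names are stored normalized: lower-case, with separators removed.
ALLOWED_EXTRA_PARAMS = {
    "usessl", "requiressl", "characterencoding",
    "servertimezone", "connecttimeout", "sockettimeout",
}

# Properties that turn on client-side LOAD DATA LOCAL INFILE handling.
# local_infile is the one named in the advisory; the others are the
# Connector/J spellings of the same capability (assumption).
FORBIDDEN_EXTRA_PARAMS = {
    "localinfile", "allowloadlocalinfile",
    "allowurlinlocalinfile", "allowloadlocalinfileinpath",
}


def _normalize(key: str) -> str:
    """Compare property names case- and separator-insensitively (local_infile == localInfile)."""
    return re.sub(r"[_\-\s]", "", key).lower()


def parse_extra_jdbc(extra: str) -> Dict[str, str]:
    """Split 'k1=v1&k2=v2' (or ';'-separated) into a dict; keys without '=' get an empty value."""
    params: Dict[str, str] = {}
    for part in re.split(r"[&;]", extra or ""):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        params[key.strip()] = value.strip()
    return params


def validate_extra_jdbc(extra: str) -> Tuple[bool, str]:
    """Return (accepted, reason).

    Forbidden properties are rejected regardless of their value, so no
    reasoning about truthy spellings ('1', 'true', 'TRUE') is needed.
    Anything not on the allowlist is rejected as well.
    """
    params = parse_extra_jdbc(extra)
    for key in params:
        if _normalize(key) in FORBIDDEN_EXTRA_PARAMS:
            return False, f"forbidden property '{key}' enables LOAD DATA LOCAL INFILE"
    for key in params:
        if _normalize(key) not in ALLOWED_EXTRA_PARAMS:
            return False, f"property '{key}' is not on the allowlist"
    return True, "ok"


# Constructed sample log lines in the shape an application log might emit (assumption).
# 203.0.113.0/24 is a documentation range, not a real host.
SAMPLE_LOG_LINES = [
    '2026-03-20T04:54:20Z INFO datasource.check type=mysql host=db.internal.example extraJdbc="useSSL=true&serverTimezone=UTC"',
    '2026-03-20T04:55:02Z INFO datasource.check type=mysql host=203.0.113.5 extraJdbc="local_infile=1"',
    '2026-03-20T04:55:40Z INFO datasource.check type=mysql host=203.0.113.9 extraJdbc="allowLoadLocalInfile=true&useSSL=false"',
    '2026-03-20T04:56:11Z INFO datasource.check type=mysql host=db.internal.example extraJdbc=""',
]

_LOG_RE = re.compile(
    r'^(?P<ts>\S+) \S+ datasource\.check .*?host=(?P<host>\S+) extraJdbc="(?P<extra>[^"]*)"'
)


def audit_log_lines(lines: List[str]) -> List[Dict[str, str]]:
    """Return one alert per datasource check whose extraJdbc fails validation."""
    alerts: List[Dict[str, str]] = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        ok, reason = validate_extra_jdbc(m.group("extra"))
        if not ok:
            alerts.append({"ts": m.group("ts"), "host": m.group("host"), "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in audit_log_lines(SAMPLE_LOG_LINES):
        print(f"{alert['ts']} host={alert['host']}: {alert['reason']}")
```

The validation belongs server-side, before any connection attempt is made with the supplied parameters; the log audit is the retrospective counterpart for datasource checks that have already run. An allowlist is preferred over a denylist so that spellings the defender did not anticipate are rejected rather than silently accepted.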
Affected Countries
United States, China, Germany, United Kingdom, Japan, South Korea, France, India, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-17T00:05:53.284Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69bcd2fce32a4fbe5f2df41b
Added to database: 3/20/2026, 4:54:20 AM
Last enriched: 3/27/2026, 7:36:59 PM
Last updated: 5/2/2026, 5:07:35 PM
Views: 62