CVE-2026-32949: CWE-918: Server-Side Request Forgery (SSRF) in dataease SQLBot
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the /api/v1/datasource/check endpoint by configuring a forged MySQL data source with a malicious parameter extraJdbc="local_infile=1". When the SQLBot backend attempts to verify the connectivity of this data source, an attacker-controlled Rogue MySQL server issues a malicious LOAD DATA LOCAL INFILE command during the MySQL handshake. This forces the target server to read arbitrary files from its local filesystem (such as /etc/passwd or configuration files) and transmit the contents back to the attacker. This issue was fixed in version 1.7.0.
AI Analysis
Technical Summary
CVE-2026-32949 is a Server-Side Request Forgery (SSRF) vulnerability affecting dataease SQLBot, an intelligent data query system leveraging large language models and retrieval-augmented generation (RAG). Versions prior to 1.7.0 are vulnerable. The flaw exists in the /api/v1/datasource/check endpoint, which verifies connectivity to configured MySQL data sources. An attacker can craft a malicious MySQL data source configuration with the parameter extraJdbc="local_infile=1". When SQLBot attempts to connect, it performs a MySQL handshake with the attacker-controlled rogue MySQL server. During this handshake, the rogue server issues a LOAD DATA LOCAL INFILE command, exploiting the enabled local_infile feature to force SQLBot to read arbitrary files from its local filesystem. The contents of these files are then transmitted back to the attacker. The vulnerability is classified under CWE-918 (SSRF) and CWE-73 (External Control of File Name or Path). No authentication or user interaction is required, and the attack can be performed remotely over the network. It allows attackers to exfiltrate sensitive files such as system password files (/etc/passwd) or application configuration files, potentially leading to further compromise. The issue was fixed in SQLBot version 1.7.0, presumably by restricting or sanitizing the data source connectivity checks and disabling unsafe local_infile usage during the handshake. No known exploits are reported in the wild yet, but the high CVSS score (8.7) indicates a critical risk if exploited.
Potential Impact
The primary impact of CVE-2026-32949 is unauthorized disclosure of sensitive information from the server hosting SQLBot. Attackers can retrieve critical system files (e.g., /etc/passwd), application configuration files, or other sensitive data, which may contain credentials, secrets, or system details. This information leakage can facilitate further attacks such as privilege escalation, lateral movement, or data breaches. Since the vulnerability requires no authentication and no user interaction, it can be exploited remotely by unauthenticated attackers, increasing the attack surface. Organizations relying on SQLBot for data querying and analytics may face significant confidentiality breaches, potentially exposing customer data or internal infrastructure details. The vulnerability does not directly allow code execution or availability disruption but can be a stepping stone for more severe attacks. The lack of known exploits in the wild suggests limited immediate risk but also highlights the need for proactive patching before attackers develop weaponized exploits. Overall, the impact is high due to the ease of exploitation and the sensitivity of data that can be accessed.
Mitigation Recommendations
1. Upgrade SQLBot to version 1.7.0 or later immediately to apply the official fix that addresses this SSRF vulnerability.
2. If upgrading is temporarily not possible, restrict network access to the /api/v1/datasource/check endpoint to trusted internal IPs only, preventing external attackers from reaching it.
3. Implement strict input validation and sanitization on data source configurations to disallow unsafe parameters such as extraJdbc="local_infile=1".
4. Disable or restrict the MySQL local_infile feature on the SQLBot server side if it is not required, as it is a common vector for file read attacks.
5. Monitor network traffic and logs for unusual MySQL handshake patterns or unexpected LOAD DATA LOCAL INFILE commands directed at SQLBot servers.
6. Employ network segmentation to isolate SQLBot servers from sensitive file systems or critical infrastructure.
7. Conduct regular security audits and penetration testing focusing on SSRF and file read vulnerabilities in data integration components.
8. Educate developers and administrators about the risks of enabling local_infile and the importance of secure data source configurations.
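Mitigation step 5 asks defenders to watch for unexpected LOAD DATA LOCAL INFILE activity. The following is an added example, not SQLBot's code, showing what that signal looks like on the wire: a MySQL server asks the client to upload a file with a packet whose first payload byte is 0xFB followed by the requested path. It assumes a plaintext (non-TLS) MySQL exchange already split by direction, as it would come out of a packet capture; the function names and the sample bytes are constructed for this example.

```python
# Assumed input: a plaintext (non-TLS) MySQL exchange split by direction, as it
# would come out of a packet capture. Added example, not SQLBot code.
COM_QUERY = 0x03             # client command byte for a text query
LOCAL_INFILE_REQUEST = 0xFB  # server packet type asking the client for a file


def iter_mysql_packets(stream: bytes):
    """Yield each payload: 3-byte LE length, 1-byte sequence id, payload."""
    pos = 0
    while pos + 4 <= len(stream):
        length = int.from_bytes(stream[pos:pos + 3], "little")
        payload = stream[pos + 4:pos + 4 + length]
        if len(payload) < length:
            break  # truncated capture: stop instead of misparsing
        yield payload
        pos += 4 + length


def find_local_infile_requests(exchange):
    """exchange: list of ("c2s" | "s2c", bytes) chunks in wire order.
    Returns (client_command, requested_path) for each LOCAL INFILE request.
    Only the first server packet after a client packet is checked: a NULL
    in a later text-resultset row also starts with 0xFB and must not match."""
    hits, pending = [], None
    for direction, data in exchange:
        for payload in iter_mysql_packets(data):
            if not payload:
                continue
            if direction == "c2s":
                is_query = payload[0] == COM_QUERY
                pending = payload[1:].decode("utf-8", "replace") if is_query else "<non-query>"
            elif pending is not None:
                if payload[0] == LOCAL_INFILE_REQUEST:
                    hits.append((pending, payload[1:].decode("utf-8", "replace")))
                pending = None  # later packets of this reply are never 0xFB requests
    return hits


# Constructed sample (not a real capture): a normal resultset whose only row is
# NULL (payload 0xFB), then a rogue server answering the next query with a
# LOCAL INFILE request for /etc/passwd, the case the advisory describes.
SAMPLE_EXCHANGE = [
    ("c2s", b"\x09\x00\x00\x00\x03SELECT 1"),
    ("s2c", b"\x01\x00\x00\x01\x01"                      # column count = 1
            + b"\x03\x00\x00\x02def"                     # column definition (abbreviated)
            + b"\x05\x00\x00\x03\xfe\x00\x00\x02\x00"    # EOF
            + b"\x01\x00\x00\x04\xfb"                    # row: NULL, must not be flagged
            + b"\x05\x00\x00\x05\xfe\x00\x00\x02\x00"),  # EOF
    ("c2s", b"\x09\x00\x00\x00\x03SELECT 1"),
    ("s2c", b"\x0c\x00\x00\x01\xfb/etc/passwd"),         # LOCAL INFILE request
]
```

Running the detector over the sample reports one hit, the query that drew the file request and the path it named, while the NULL row in the benign resultset is ignored.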
Affected Countries
United States, China, Germany, United Kingdom, India, Japan, South Korea, France, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-17T00:05:53.284Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69bcd2fce32a4fbe5f2df41b
Added to database: 3/20/2026, 4:54:20 AM
Last enriched: 3/20/2026, 5:09:27 AM
Last updated: 3/21/2026, 2:07:31 AM