CVE-2026-32950: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in dataease SQLBot
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user (even the lowest-privileged) to fully compromise the backend server. The root cause is twofold: Excel Sheet names are concatenated directly into PostgreSQL table names without sanitization (datasource.py#L351), and those table names are embedded into COPY SQL statements via f-strings instead of parameterized queries (datasource.py#L385-L388). An attacker can bypass the 31-character Sheet name limit using a two-stage technique—first uploading a normal file whose data rows contain shell commands, then uploading an XML-tampered file whose Sheet name injects a TO PROGRAM 'sh' clause into the SQL. Confirmed impacts include arbitrary command execution as the postgres user (uid=999), sensitive file exfiltration (e.g., /etc/passwd, /etc/shadow), and complete PostgreSQL database takeover. This issue has been fixed in version 1.7.0.
AI Analysis
Technical Summary
SQLBot, an intelligent data query system leveraging large language models and retrieval-augmented generation (RAG), suffers from a critical SQL Injection vulnerability (CVE-2026-32950) in versions before 1.7.0. The vulnerability exists in the /api/v1/datasource/uploadExcel endpoint where Excel sheet names are directly concatenated into PostgreSQL table names without any sanitization (in datasource.py at line 351). These table names are then embedded into COPY SQL commands using Python f-strings (lines 385-388), which do not provide protection against injection. The sheet name length is limited to 31 characters, but attackers can circumvent this by first uploading a normal Excel file containing data rows with shell commands, then uploading a second XML-tampered file with a crafted sheet name that injects a TO PROGRAM 'sh' clause into the SQL COPY statement. This results in Remote Code Execution as the postgres user (uid=999), enabling attackers to execute arbitrary shell commands, exfiltrate sensitive files such as /etc/passwd and /etc/shadow, and fully compromise the PostgreSQL database. The vulnerability requires authentication but no additional user interaction. The flaw stems from improper neutralization of special elements in SQL commands (CWE-89) and improper neutralization of special elements used in OS commands (CWE-78). The vulnerability is rated high severity with a CVSS 4.0 score of 8.6 and has been patched in SQLBot version 1.7.0.
Potential Impact
The impact of CVE-2026-32950 is severe for organizations using vulnerable versions of SQLBot. An attacker with any authenticated access can achieve Remote Code Execution on the backend server as the postgres user, which typically has extensive privileges over the database and potentially the host system. This can lead to complete database compromise, unauthorized data access, data exfiltration including sensitive system files, and potential lateral movement within the network. The ability to execute arbitrary shell commands elevates the risk to full system takeover, data destruction, or deployment of ransomware or other malware. Organizations relying on SQLBot for data querying and integration face significant risks to confidentiality, integrity, and availability of their data and systems. The vulnerability's exploitation does not require user interaction beyond authentication, increasing the likelihood of successful attacks if credentials are compromised or weakly protected.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately upgrade SQLBot to version 1.7.0 or later where the issue is fixed. Until upgrade is possible, restrict access to the /api/v1/datasource/uploadExcel endpoint to trusted users only and enforce strong authentication and authorization controls to limit who can upload Excel files. Implement network segmentation and monitoring to detect unusual database or shell command activity. Review and sanitize all user-supplied inputs, especially Excel sheet names, ensuring they are validated against a strict whitelist of allowed characters and lengths before use in SQL statements. Avoid using string concatenation or f-strings for SQL commands; instead, use parameterized queries or prepared statements. Employ database roles with least privilege, ensuring the postgres user or equivalent does not have unnecessary OS-level permissions. Conduct regular audits of database logs and system activity to detect potential exploitation attempts. Finally, educate developers on secure coding practices to prevent similar injection flaws.
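The following is an added example, not code from SQLBot: it shows the allowlist validation and identifier handling the recommendations above call for, beside the f-string pattern the advisory faults. The COPY statement shape, the `excel_` table prefix and the function names are assumptions; note that a table name cannot be bound as a query parameter, so identifier quoting is the parameterized-query equivalent for that position.

```python
import re

# Excel caps sheet names at 31 characters; PostgreSQL truncates identifiers at 63 bytes.
EXCEL_SHEET_NAME_MAX = 31
PG_IDENTIFIER_MAX_BYTES = 63
TABLE_PREFIX = "excel_"  # assumed prefix, not SQLBot's actual naming scheme

# Strict allowlist: letters, digits and underscore, not starting with a digit.
_SAFE_SHEET_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def is_safe_sheet_name(sheet_name: str) -> bool:
    """Allowlist check on the sheet name as parsed server-side from the workbook
    XML, so a tampered file cannot sidestep the 31-character limit."""
    return (
        0 < len(sheet_name) <= EXCEL_SHEET_NAME_MAX
        and _SAFE_SHEET_NAME.match(sheet_name) is not None
    )


def quote_identifier(name: str) -> str:
    """Quote a PostgreSQL identifier: wrap in double quotes and double any embedded
    double quote. Same effect as psycopg2's sql.Identifier; used here as a second
    layer behind the allowlist, not as a substitute for it."""
    if "\x00" in name:
        raise ValueError("NUL byte is not allowed in an identifier")
    return '"' + name.replace('"', '""') + '"'


def vulnerable_copy_statement(sheet_name: str) -> str:
    """The flawed pattern: raw user input interpolated straight into the statement."""
    return f"COPY {TABLE_PREFIX}{sheet_name} FROM STDIN WITH (FORMAT csv)"


def hardened_copy_statement(sheet_name: str) -> str:
    """Reject anything outside the allowlist, then quote the derived table name."""
    if not is_safe_sheet_name(sheet_name):
        raise ValueError("sheet name rejected: not a plain identifier of at most 31 chars")
    table = TABLE_PREFIX + sheet_name
    if len(table.encode("utf-8")) > PG_IDENTIFIER_MAX_BYTES:
        raise ValueError("table name exceeds PostgreSQL's 63-byte identifier limit")
    return "COPY " + quote_identifier(table) + " FROM STDIN WITH (FORMAT csv)"


if __name__ == "__main__":
    # Constructed sample sheet names: one clean, two with characters outside the allowlist.
    for name in ["Sales2025", "Q1 Sales", 'Sales "EMEA"', "a" * 32]:
        try:
            print(hardened_copy_statement(name))
        except ValueError as exc:
            print(f"{name!r}: {exc}")
```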
Affected Countries
United States, China, Germany, United Kingdom, India, Japan, South Korea, France, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-17T00:05:53.284Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69bcd2fce32a4fbe5f2df420
Added to database: 3/20/2026, 4:54:20 AM
Last enriched: 3/27/2026, 7:07:59 PM
Last updated: 4/30/2026, 3:18:03 PM