CVE-2025-15598

Medium CVSS: 6.3

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.

Vendor

Fit2cloud

Product

Sqlbot

CWE

CWE-345

Yayın Tarihi

2026-03-03 10:16:05

Güncelleme

2026-03-05 21:52:08

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-345 Sqlbot MEDIUM Fit2cloud 2026

Referanslar

https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-JWT-Signature-Verification-Bypass.md https://vuldb.com/?ctiid.348292 https://vuldb.com/?id.348292 https://vuldb.com/?submit.707291

Benzer Kayıtlar

High

CVE-2026-32949

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Se…

High

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a cr…

High

CVE-2026-32622

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a S…

Medium

CVE-2026-31798

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts,…

Medium

CVE-2026-31864

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template…

Medium

CVE-2025-15597

A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps…