Platform
python
Component
pandasai
Fixed in
3.0.1
CVE-2026-4997 describes a path traversal vulnerability affecting PandasAI version 3.0. This flaw allows a remote attacker to manipulate the issqlquerysafe function in pandasai/helpers/sqlsanitizer.py to potentially access sensitive files or directories outside of the intended scope. The vulnerability exists in PandasAI versions up to 3.0. No official patch is currently available.
A path traversal vulnerability has been discovered in PandasAI, affecting versions up to 3.0.0. The vulnerability lies within the issqlquerysafe function in the pandasai/helpers/sqlsanitizer.py file. An attacker can manipulate input to access files or directories outside the intended scope, potentially compromising data confidentiality, integrity, and availability. The vulnerability is rated CVSS 5.3, indicating a moderate risk. The public release of an exploit and its potential for active exploitation significantly increases the urgency of addressing this issue. The vendor's lack of response further complicates the situation, requiring users to take proactive mitigation steps.
The vulnerability resides in the issqlquery_safe function, designed to validate SQL queries. An attacker can manipulate the input to bypass this validation and execute commands that allow access to arbitrary files on the system. The remote nature of the exploitation means an attacker can leverage this vulnerability from anywhere with access to the PandasAI application. The public exploit release facilitates attack replication and increases the risk of malicious actors utilizing it. The vendor's lack of response exacerbates the situation, as there is no official patch available to protect against this threat.
Exploit Status
EPSS
0.07% (23% percentile)
CISA SSVC
CVSS Vector
Given the vendor's lack of a provided fix, the immediate mitigation is to avoid using PandasAI until a patched version is released. If PandasAI usage is essential, implement additional security controls, such as strict user input validation, running the application in an isolated environment (sandbox), and continuous system activity monitoring for signs of exploitation. Limiting the privileges of the account running PandasAI can also minimize the potential impact of a successful exploit. Updating to the latest versions of PandasAI's dependencies may also help reduce the attack surface, although it doesn't guarantee vulnerability removal.
Update the PandasAI library to a version later than 3.0. Since no fixed version is available, it is recommended to monitor the project for future updates that address this path traversal vulnerability. Alternatively, carefully review and validate SQL queries before passing them to the is_sql_query_safe function.
Vulnerability analysis and critical alerts directly to your inbox.
Path traversal is a vulnerability that allows an attacker to access files or directories outside the intended scope, often by manipulating user input.
If you are using PandasAI version 3.0.0 or earlier, you are vulnerable. Review system logs for suspicious activity.
Isolate the affected system from the network, back up important data, and contact a cybersecurity professional for assessment and remediation.
Until the vendor releases a fix, avoid using PandasAI or implement additional security controls, such as input validation and running in a sandbox.
The vendor's lack of response is concerning and hinders obtaining an official solution. Monitor the vendor's communications for updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.