Platform
python
Component
db-gpt
Fixed in
0.7.6
CVE-2026-3409 is a code injection vulnerability affecting db-gpt version 0.7.5. The flaw resides in the Flow Import Endpoint and enables remote attackers to execute arbitrary code. The public availability of an exploit significantly elevates the risk of exploitation. A fix is pending, and users should implement mitigation strategies.
The code injection vulnerability in db-gpt allows an attacker to execute arbitrary code on the server hosting the application. This can lead to complete system compromise, including data exfiltration, modification, and denial of service. Given the remote accessibility of the affected endpoint, the blast radius is significant, potentially impacting any system connected to the vulnerable db-gpt instance. The availability of a public exploit dramatically increases the likelihood of exploitation, making it a high-priority security concern. Successful exploitation could allow attackers to gain persistent access and move laterally within the network.
This vulnerability has been publicly disclosed and a proof-of-concept exploit is available, indicating a high probability of exploitation. It was added to the CISA KEV catalog on an unknown date. The vendor has not responded to early disclosure attempts, which increases the urgency of implementing mitigations.
Organizations utilizing db-gpt version 0.7.5, particularly those exposing the Flow Import Endpoint to external networks or untrusted sources, are at significant risk. Environments with limited security monitoring or input validation practices are especially vulnerable.
• python / server:

```python
import os

# Check for suspicious files in the flow import directory
# (the directory path is a placeholder; adjust it to the local installation)
import_dir = '/path/to/db-gpt/awel/flow'
for filename in os.listdir(import_dir):
    path = os.path.join(import_dir, filename)
    if filename.endswith('.py'):
        with open(path) as fh:
            if 'eval(' in fh.read():
                print(f'Suspicious file found: {filename}')
```

• linux / server:

```bash
# Monitor process activity for unexpected python executions
journalctl -f -u db-gpt | grep 'python' | grep 'eval'
```

Disclosure
Exploit status
EPSS
0.06% (18th percentile)
CISA SSVC
CVSS vector
Because no fixed version is available, immediate mitigation is crucial. Implement strict input validation on all data passed to the Flow Import Endpoint. Consider temporarily disabling the endpoint if possible. Deploy a Web Application Firewall (WAF) with rules that block suspicious requests to the /api/v1/serve/awel/flow/import endpoint, specifically flagging unusual file imports or execution attempts. Monitor system logs for unusual process activity or file modifications, and regularly scan the system for unauthorized code execution.
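The string match for 'eval(' in the detection snippet above also fires on comments and cannot see calls such as os.system. The following added example (written for this page, not db-gpt project code) parses an imported flow file with Python's ast module and reports only real calls to code-execution sinks; the sink list and the two sample flow sources are constructed for illustration.

```python
import ast

# Constructed list of call targets treated as code-execution sinks.
DANGEROUS_NAMES = {"eval", "exec", "compile", "__import__"}
DANGEROUS_ATTRS = {
    ("os", "system"), ("os", "popen"),
    ("subprocess", "run"), ("subprocess", "Popen"), ("subprocess", "call"),
}


def find_dangerous_calls(source: str) -> list[tuple[int, str]]:
    """Return (line, callee) for each call to a sink, sorted by line.

    An unparseable file is reported as a single hit on line 0 so that
    obfuscated or non-Python content imported as a flow is never ignored.
    """
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return [(0, "unparseable")]
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Name) and func.id in DANGEROUS_NAMES:
            hits.append((node.lineno, func.id))
        elif (isinstance(func, ast.Attribute)
              and isinstance(func.value, ast.Name)
              and (func.value.id, func.attr) in DANGEROUS_ATTRS):
            hits.append((node.lineno, f"{func.value.id}.{func.attr}"))
    return sorted(hits)


# Constructed sample: a flow that evaluates caller-supplied text and shells out.
SAMPLE_FLOW = '''\
import os
def run(params):
    # evaluates text taken straight from the request
    return eval(params["expr"])
def cleanup():
    os.system("rm -rf /tmp/flow")
'''

# Constructed sample: benign code whose comment would trip a plain 'eval(' grep.
SAMPLE_CLEAN = '''\
# never call eval() on flow parameters
def run(params):
    return params.get("expr", "").upper()
'''

if __name__ == "__main__":
    for name, src in (("flow", SAMPLE_FLOW), ("clean", SAMPLE_CLEAN)):
        print(name, find_dangerous_calls(src))
```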
Update to a patched version of db-gpt that fixes the code injection vulnerability. If no such version is available, consider disabling or restricting access to the Flow Import Endpoint until a fix is published.
CVE-2026-3409 is a code injection vulnerability in db-gpt version 0.7.5, allowing remote code execution via the Flow Import Endpoint. It's rated HIGH severity (7.3 CVSS).
If you are running db-gpt version 0.7.5 and expose the /api/v1/serve/awel/flow/import endpoint, you are potentially affected. Immediate mitigation is required.
A patch is currently unavailable. Implement input validation, disable the endpoint if possible, and use a WAF to mitigate the risk until a fix is released.
Yes, a public exploit is available, indicating a high probability of active exploitation. Monitor your systems closely.
As of this writing, no official advisory has been released by the db-gpt vendor. Monitor their website and GitHub repository for updates.