Platform: python
Component: premsql
Fixed in: 0.2.1, 0.2.2
A code injection vulnerability has been discovered in premsql versions 0.2.0 through 0.2.1. The flaw is a call to eval() in the premsql/agents/baseline/workers/followup.py file: an attacker who controls the `result` argument passed to that call can execute arbitrary code. The vulnerability is remotely exploitable and a public exploit is available, increasing the risk of immediate attacks. While a fix is not yet available, mitigation strategies are possible.
Successful exploitation of CVE-2026-5594 allows an attacker to execute arbitrary code on the system running premsql. This could lead to complete system compromise, including data exfiltration, modification, or deletion. Given the remote nature of the vulnerability and the availability of a public exploit, the potential impact is significant. An attacker could leverage this to gain persistent access, move laterally within the network if premsql is integrated with other systems, and potentially compromise sensitive data managed by the application. The blast radius extends to any data processed or stored by premsql.
This vulnerability is considered actively exploitable due to the public availability of a proof-of-concept. It was disclosed on 2026-04-05. The vendor, premsql, was contacted but did not respond. The vulnerability is not currently listed on CISA KEV, but its public exploit status warrants close monitoring. The ease of exploitation suggests a potentially high probability of widespread attacks if left unaddressed.
Organizations utilizing premsql in production environments, particularly those with limited security controls or those processing sensitive data, are at significant risk. Environments where premsql is exposed to untrusted external input are especially vulnerable. Users relying on premsql for critical business processes should prioritize mitigation efforts.
• python / server:

```python
import os
import subprocess


def check_premsql_vulnerability():
    try:
        # Check for the vulnerable file
        if os.path.exists('/path/to/premsql/agents/baseline/workers/followup.py'):  # Replace with actual path
            # Attempt to trigger the vulnerability (example - replace with actual exploit)
            # This is a placeholder and needs to be adapted to the specific exploit
            subprocess.run(['python', '/path/to/premsql/agents/baseline/workers/followup.py', '--malicious-input'], check=True)
            print('Potential vulnerability detected!')
        else:
            print('premsql not found.')
    except subprocess.CalledProcessError as e:
        print(f'Error during check: {e}')


check_premsql_vulnerability()
```

Exploit status: disclosure, poc
EPSS: 0.05% (15th percentile)
CISA SSVC:
CVSS vector:
Due to the lack of a direct patch, mitigation focuses on limiting the attack surface. Implement strict input validation on all data passed to the eval function within premsql/agents/baseline/workers/followup.py. Specifically, sanitize the result argument to prevent malicious code injection. Consider restricting the execution environment of premsql to a sandboxed container with limited privileges. While not a complete solution, this can reduce the potential impact of a successful exploit. Monitor system logs for unusual activity related to premsql, particularly any attempts to execute unexpected commands. Regularly review and update the codebase to address potential vulnerabilities.
Update to a fixed version of premsql that resolves the code injection vulnerability. Review the source code to identify and remove any instance of the `eval` function that could be vulnerable to argument manipulation. Implement robust input validation to prevent code injection.
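As an added illustration (example code, not premsql's own), the Python below shows the pattern the two mitigation paragraphs above describe: an eval() call on an untrusted `result` string beside a hardened replacement that accepts only literal data structures via ast.literal_eval, enforces a size cap and a type allow-list, and a small ast-based audit helper that reports eval()/exec() calls in a source file, as the code-review step suggests. The function names, the assumed shape of `result` (a dict or list literal), the size limit and the sample source are assumptions made for this example.

```python
import ast
from typing import Any, List, Tuple

# Constructed illustration; the function names and the shape of "result"
# are assumptions for this example, not premsql's actual code.

MAX_RESULT_LEN = 64 * 1024  # assumption: cap input size before parsing
ALLOWED_TYPES = (dict, list, tuple, str, int, float, bool, type(None))


def parse_result_unsafe(result: str) -> Any:
    """Anti-pattern: eval() on attacker-controlled text runs arbitrary code."""
    return eval(result)  # shown only as the pattern to remove


def _only_literals(value: Any) -> bool:
    """Recursively confirm a parsed value contains only plain data types."""
    if isinstance(value, dict):
        return all(isinstance(k, str) and _only_literals(v) for k, v in value.items())
    if isinstance(value, (list, tuple)):
        return all(_only_literals(v) for v in value)
    return isinstance(value, ALLOWED_TYPES)


def parse_result_safe(result: str) -> Any:
    """Hardened replacement: accept only literal data structures.

    ast.literal_eval never calls functions, imports modules or resolves
    names, so input such as __import__('os').system(...) is rejected
    with ValueError instead of executed.
    """
    if not isinstance(result, str):
        raise TypeError("result must be a string")
    if len(result) > MAX_RESULT_LEN:
        raise ValueError("result too large")
    try:
        value = ast.literal_eval(result)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError(f"result is not a literal data structure: {exc!r}") from None
    if not _only_literals(value):
        raise ValueError("result contains a non-literal value (e.g. a set or complex)")
    return value


def rejects(result: str) -> bool:
    """True when parse_result_safe refuses the input; used for self-checks."""
    try:
        parse_result_safe(result)
    except (ValueError, TypeError):
        return True
    return False


def find_eval_calls(source: str, filename: str = "<source>") -> List[Tuple[int, str]]:
    """Audit helper: list (line, name) for every eval()/exec() call in source."""
    findings = []
    tree = ast.parse(source, filename=filename)
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in ("eval", "exec")):
            findings.append((node.lineno, node.func.id))
    return findings


# Constructed sample source for the audit helper (not premsql's code).
SAMPLE_SOURCE = (
    "def followup(result):\n"
    "    data = eval(result)\n"
    "    return data\n"
)


if __name__ == "__main__":
    print(parse_result_safe("{'rows': [1, 2], 'ok': True}"))
    print(rejects("__import__('os').system('id')"))   # True: refused, not run
    print(find_eval_calls(SAMPLE_SOURCE))             # [(2, 'eval')]
```

The allow-list deliberately excludes sets and complex numbers even though ast.literal_eval can produce them, and requires string dictionary keys; widen ALLOWED_TYPES only if the application genuinely needs those shapes. Running find_eval_calls over each file in a codebase gives a quick inventory of eval()/exec() call sites to review.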
CVE-2026-5594 is a medium severity code injection vulnerability affecting premsql versions 0.2.0–0.2.1. It allows attackers to execute arbitrary code by manipulating the 'result' argument in a specific file.
You are affected if you are using premsql versions 0.2.0 or 0.2.1 and have not implemented mitigation strategies. The vulnerability is remotely exploitable and a public exploit exists.
A direct patch is not yet available. Mitigation involves strict input validation on the 'result' argument and restricting the execution environment of premsql.
Yes, a public exploit is available, indicating a high probability of active exploitation. Monitor your systems closely for suspicious activity.
As of the disclosure date, premsql has not released an official advisory. Monitor the premsql project's website and GitHub repository for updates.