CVE-2026-30273
Published: 01 April 2026
Summary
CVE-2026-30273 is a high-severity SQL Injection (CWE-89) vulnerability in Gabrieleventuri Pandasai. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); it is ranked at the 12.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as NLP and Transformers; in the Data-Related Vulnerabilities risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-30273 is a SQL injection vulnerability (CWE-89) in pandas-ai version 3.0.0, affecting the pandasai.agent.base._execute_sql_query component. Published on 2026-04-01, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and low complexity.
Remote, unauthenticated attackers can exploit this vulnerability over the network with no user interaction required. Successful exploitation enables limited impacts on confidentiality, integrity, and availability, such as unauthorized data access, modification, or disruption within the affected SQL query execution context.
Advisories and further details are available in the referenced GitHub Gist (https://gist.github.com/CafeD1/21c32edbf1b63fd88a79c290ed2a8059) and the pandas-ai repository (https://github.com/sinaptik-ai/pandas-ai), which may provide guidance on patches or workarounds.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-17959
Vulnerability details
pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query component.
- CWE(s): CWE-89 (SQL Injection)
AI Security Analysis
- AI Category: NLP and Transformers
- Risk Domain: Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai, pandas
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection (CWE-89) in a network-accessible component (pandasai.agent.base._execute_sql_query) directly enables remote exploitation of a public-facing application with no authentication or user interaction required.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly validates and sanitizes inputs to the pandasai.agent.base._execute_sql_query component, preventing SQL injection payloads from being executed.
- SI-2 (Flaw Remediation): Remediates the specific SQL injection flaw in pandas-ai v3.0.0 through timely patching or upgrading to a non-vulnerable version.
- Least privilege: Enforces least privilege on database accounts used by pandas-ai, limiting the scope of unauthorized access, modification, or disruption from successful injections.
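The following added example (not code from pandas-ai or the advisory) shows the two controls above layered in front of an SQL execution step: an SI-10 style input gate that accepts only a single comment-free SELECT, and a least-privilege SQLite authorizer that lets the connection read only allow-listed tables. The table names, the in-memory database and the sample queries are constructed for illustration.

```python
import re
import sqlite3

# Assumption (not from the advisory): the only table the agent may read.
ALLOWED_TABLES = {"sales"}

def validate_sql(sql: str) -> str:
    """SI-10 gate: accept exactly one comment-free SELECT statement, else raise."""
    text = sql.strip().rstrip(";").strip()
    if not re.match(r"select\b", text, re.IGNORECASE):
        raise ValueError("only SELECT statements are allowed")
    # Conservative: stacked statements and comments are rejected outright.
    if ";" in text or "--" in text or "/*" in text:
        raise ValueError("stacked statements and SQL comments are not allowed")
    return text

def _read_only_authorizer(action, arg1, arg2, db_name, trigger):
    """Least-privilege hook: permit reads of allow-listed tables, deny all else."""
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION):
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg1 in ALLOWED_TABLES:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # DROP, INSERT, other tables, PRAGMA, ...

def open_sample_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for the agent's data source."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sales (id INTEGER, region TEXT, amount REAL)")
    conn.execute("CREATE TABLE secrets (api_key TEXT)")
    conn.executemany("INSERT INTO sales VALUES (?, ?, ?)",
                     [(1, "east", 10.0), (2, "west", 20.0)])
    conn.execute("INSERT INTO secrets VALUES ('constructed-placeholder')")
    conn.commit()
    conn.set_authorizer(_read_only_authorizer)  # installed after seeding
    return conn

def guarded_query(conn, sql):
    """Run untrusted SQL behind both controls; returns (status, payload)."""
    try:
        text = validate_sql(sql)
    except ValueError as exc:
        return ("rejected", str(exc))   # stopped by the input gate
    try:
        return ("ok", conn.execute(text).fetchall())
    except sqlite3.DatabaseError as exc:
        return ("denied", str(exc))     # stopped by the authorizer

if __name__ == "__main__":
    db = open_sample_db()
    for q in ("SELECT region, amount FROM sales ORDER BY id",
              "SELECT 1; DROP TABLE sales", "SELECT api_key FROM secrets"):
        print(q, "->", guarded_query(db, q))
```

The status value is also what a deployment would log: "rejected" and "denied" events from this path are a direct detection signal for injection attempts against the query component.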