Cyber Resilience

CVE-2026-30273

Severity: High
Published: 01 April 2026
Modified: 06 April 2026
KEV: not currently listed in the CISA KEV catalog
CVSS v3.1 score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS score: 0.0004 (12.3th percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-30273 is a high-severity SQL Injection (CWE-89) vulnerability in Gabrieleventuri Pandasai. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). By exploit likelihood (EPSS) it ranks at the 12.3th percentile, below the median, and it is not currently listed in the CISA KEV catalog.

This vulnerability is classified as AI-related, in the NLP and Transformers category and the Data-Related Vulnerabilities risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-30273 is a SQL injection vulnerability (CWE-89) in pandas-ai version 3.0.0, affecting the pandasai.agent.base._execute_sql_query component. Published on 2026-04-01, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and low complexity.

Remote, unauthenticated attackers can exploit this vulnerability over the network with no user interaction required. Successful exploitation enables limited impacts on confidentiality, integrity, and availability, such as unauthorized data access, modification, or disruption within the affected SQL query execution context.

Advisories and further details are available in the referenced GitHub Gist (https://gist.github.com/CafeD1/21c32edbf1b63fd88a79c290ed2a8059) and the pandas-ai repository (https://github.com/sinaptik-ai/pandas-ai), which may provide guidance on patches or workarounds.

Vulnerability details

pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query component.

CWE(s)

CWE-89 SQL Injection

AI Security Analysis

AI Category: NLP and Transformers
Risk Domain: Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai, pandas

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SQL injection (CWE-89) in a network-accessible component (pandasai.agent.base._execute_sql_query) directly enables remote exploitation of a public-facing application with no authentication or user interaction required.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-39334 (shared CWE-89)
CVE-2024-13488 (shared CWE-89)
CVE-2026-22850 (shared CWE-89)
CVE-2024-12404 (shared CWE-89)
CVE-2024-13474 (shared CWE-89)
CVE-2026-20002 (shared CWE-89)
CVE-2025-1446 (shared CWE-89)
CVE-2025-22699 (shared CWE-89)
CVE-2026-36232 (shared CWE-89)
CVE-2026-31871 (shared CWE-89)

Affected Assets

gabrieleventuri pandasai, versions ≤ 3.0.0

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-10 Information Input Validation): Directly validates and sanitizes inputs to the pandasai.agent.base._execute_sql_query component, preventing SQL injection payloads from being executed.

Prevent (SI-2 Flaw Remediation): Remediates the specific SQL injection flaw in pandas-ai v3.0.0 through timely patching or upgrading to a non-vulnerable version.

Prevent (least privilege): Enforces least privilege on the database accounts used by pandas-ai, limiting the scope of unauthorized access, modification, or disruption from a successful injection.
