Cyber Resilience

CVE-2026-33324

CriticalPublic PoC

Published: 05 May 2026

Published
05 May 2026
Modified
08 May 2026
KEV Added
Patch
CVSS Score v4 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0060 44.5th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-33324 is a critical-severity SQL Injection (CWE-89) vulnerability in Fit2Cloud Sqlbot. Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 44.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the LLM/Generative AI Risks risk domain.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering…

more

or escaping, and the SQL extracted from the LLM response is executed against the database without validation or sanitization. An authenticated attacker can craft a malicious question to manipulate the LLM into generating and executing arbitrary SQL statements. When connected to a PostgreSQL data source, this can lead to remote code execution via COPY FROM PROGRAM. This issue has been fixed in version 1.7.1.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: llm, prompt injection

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Prompt/SQL injection enables arbitrary SQL execution leading to RCE on PostgreSQL via COPY FROM PROGRAM, directly mapping to public app exploitation and Unix shell command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32950Same product: Fit2Cloud Sqlbot
CVE-2026-32622Same product: Fit2Cloud Sqlbot
CVE-2026-32949Same product: Fit2Cloud Sqlbot
CVE-2025-70981Same vendor: Fit2Cloud
CVE-2025-56413Same vendor: Fit2Cloud
CVE-2026-22687Shared CWE-89
CVE-2026-30860Shared CWE-89
CVE-2025-25112Shared CWE-89
CVE-2026-7815Shared CWE-89
CVE-2024-10835Shared CWE-89

Affected Assets

fit2cloud
sqlbot
≤ 1.7.1

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-89

Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.

addresses: CWE-89

Validates query inputs to prevent SQL syntax or command manipulation.

References