CVE-2026-42463

High ⚡ Exploit Available
Weakness Type: CWE-639 (Authorization Bypass Through User-Controlled Key)
Published: May 13, 2026  ·  Modified: May 20, 2026  ·  Source: NVD
CVSS v3: 8.1
📄 Description (English)

SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR (Insecure Direct Object Reference) and Authorization Bypass vulnerability in the /api/v1/datasource/exportDsSchema and /api/v1/datasource/uploadDsSchema endpoints. An attacker can access and modify database schemas and data sources belonging to other tenants/workspaces. This vulnerability is fixed in 1.8.0.

🤖 AI Executive Summary

SQLBot versions prior to 1.8.0 contain a critical Cross-Workspace IDOR vulnerability allowing attackers to access and modify database schemas across different tenants/workspaces without proper authorization. With CVSS 8.1 and active exploits available, this poses immediate risk to multi-tenant deployments in Saudi organizations. Urgent patching to version 1.8.0 or later is required to prevent unauthorized data access and manipulation.

🤖 AI Intelligence Analysis (analyzed: May 20, 2026 05:22)
🇸🇦 Saudi Arabia Impact Assessment
Banking and Financial Services (SAMA-regulated institutions, payment processors) face critical risk as SQLBot may be used for data analytics and reporting on sensitive financial data. Government agencies and digital transformation initiatives using SQLBot for data management could experience unauthorized access to classified or sensitive databases. Healthcare organizations (MOH systems) storing patient data through SQLBot deployments are at high risk of HIPAA-equivalent violations. Telecommunications sector (STC, Mobily) using SQLBot for customer data analytics could face data breaches. Energy sector (ARAMCO, utilities) managing operational databases through SQLBot could experience industrial control system compromise. E-commerce and fintech startups in KAUST and tech hubs using SQLBot for multi-tenant SaaS platforms are directly vulnerable.
🏢 Affected Saudi Sectors
Banking and Financial Services, Government and Public Administration, Healthcare, Energy and Utilities, Telecommunications, E-commerce and Fintech, Education and Research, Insurance
⚖️ Saudi Risk Score (AI)
8.7 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all SQLBot instances in your environment and document version numbers
2. Isolate or restrict network access to SQLBot /api/v1/datasource endpoints immediately
3. Review access logs for the vulnerable endpoints (exportDsSchema, uploadDsSchema) for unauthorized access patterns
4. Implement WAF rules to block requests to vulnerable endpoints until patching is complete

PATCHING GUIDANCE:
1. Upgrade SQLBot to version 1.8.0 or later immediately
2. Test patches in non-production environments first
3. Coordinate with Fit2Cloud for emergency patching if on-premises deployment
4. Verify patch effectiveness by testing cross-workspace access restrictions

COMPENSATING CONTROLS (if immediate patching not possible):
1. Implement network segmentation to restrict SQLBot access to authorized users only
2. Deploy API gateway with strict authentication and authorization checks
3. Enable request signing and mutual TLS for all API communications
4. Implement workspace-level access controls at the application layer
5. Monitor and log all datasource schema operations with alerting on cross-workspace access attempts
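One way to express the workspace-level check from item 4, added here as an illustration of the CWE-639 pattern behind this CVE (not SQLBot's code; the datasource table, ids and schemas are constructed):

```python
# Added example: a datasource fetched by id alone (the IDOR) beside a lookup that is
# scoped to the caller's workspace. All names and data are constructed, not SQLBot's.
from dataclasses import dataclass, field


@dataclass
class Datasource:
    ds_id: int
    workspace_id: int
    schema: dict = field(default_factory=dict)


class Forbidden(Exception):
    """Raised when the caller's workspace does not own the requested datasource."""


# Constructed tenant data: two workspaces, each owning one datasource.
DATASOURCES = {
    101: Datasource(101, 1, {"customers": ["id", "email"]}),
    202: Datasource(202, 2, {"payments": ["id", "amount"]}),
}


def export_schema_vulnerable(caller_workspace: int, ds_id: int) -> dict:
    """IDOR: ds_id comes straight from the request and is never compared
    with the caller's workspace, so any tenant can read any schema."""
    return DATASOURCES[ds_id].schema


def _owned(caller_workspace: int, ds_id: int) -> Datasource:
    """Ownership is part of the lookup: a foreign id is treated like a missing one."""
    ds = DATASOURCES.get(ds_id)
    if ds is None or ds.workspace_id != caller_workspace:
        raise Forbidden(f"datasource {ds_id} is not in workspace {caller_workspace}")
    return ds


def export_schema_fixed(caller_workspace: int, ds_id: int) -> dict:
    """Hardened export: only schemas owned by the caller's workspace are returned."""
    return _owned(caller_workspace, ds_id).schema


def upload_schema_fixed(caller_workspace: int, ds_id: int, new_schema: dict) -> dict:
    """Hardened upload: the same ownership check guards the write path."""
    ds = _owned(caller_workspace, ds_id)
    ds.schema = dict(new_schema)
    return ds.schema
```

The key point is that the check lives inside the lookup, so every endpoint that touches a datasource inherits it rather than re-implementing it.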

DETECTION RULES:
1. Alert on POST/GET requests to /api/v1/datasource/exportDsSchema with workspace_id parameter mismatches
2. Monitor for rapid sequential requests to uploadDsSchema from single source IP
3. Flag any datasource modifications originating from unexpected user accounts or API keys
4. Detect schema export operations followed by modifications in different workspace contexts
5. Log all authentication failures and authorization denials on datasource endpoints
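Detection rules 1, 2 and 4 above as a worked example, added here and not taken from the page or from SQLBot: the logic runs over constructed audit records, and the field names (ts, ip, user, session_ws, req_ws, path) are assumptions rather than SQLBot's real log format.

```python
# Added example: three of the detection rules above applied to constructed audit records.
# Record fields are assumed; adapt the accessors to the real SQLBot/gateway log format.
from collections import defaultdict

EXPORT = "/api/v1/datasource/exportDsSchema"
UPLOAD = "/api/v1/datasource/uploadDsSchema"

# Constructed sample: alice (workspace 1) exports her own schema, then uploads into
# workspace 2; 10.0.0.9 sends three uploadDsSchema calls within a few seconds.
LOG = [
    {"ts": 100, "ip": "10.0.0.5", "user": "alice", "session_ws": 1, "req_ws": 1, "path": EXPORT},
    {"ts": 105, "ip": "10.0.0.5", "user": "alice", "session_ws": 1, "req_ws": 2, "path": UPLOAD},
    {"ts": 200, "ip": "10.0.0.9", "user": "bob", "session_ws": 3, "req_ws": 3, "path": UPLOAD},
    {"ts": 201, "ip": "10.0.0.9", "user": "bob", "session_ws": 3, "req_ws": 3, "path": UPLOAD},
    {"ts": 202, "ip": "10.0.0.9", "user": "bob", "session_ws": 3, "req_ws": 3, "path": UPLOAD},
]


def detect(records, burst_n=3, burst_window=10):
    """Return (rule, subject, ts) alerts for the datasource-schema endpoints."""
    alerts = []
    uploads_by_ip = defaultdict(list)  # ip -> timestamps of recent uploadDsSchema calls
    last_export_ws = {}                # user -> workspace of that user's latest export
    for r in sorted(records, key=lambda rec: rec["ts"]):
        if r["path"] not in (EXPORT, UPLOAD):
            continue
        # Rule 1: the workspace named in the request differs from the session's workspace.
        if r["req_ws"] != r["session_ws"]:
            alerts.append(("ws_mismatch", r["user"], r["ts"]))
        # Rule 2: burst of uploadDsSchema calls from one source IP inside the window.
        if r["path"] == UPLOAD:
            hits = uploads_by_ip[r["ip"]]
            hits.append(r["ts"])
            hits[:] = [t for t in hits if r["ts"] - t <= burst_window]
            if len(hits) >= burst_n:
                alerts.append(("upload_burst", r["ip"], r["ts"]))
        # Rule 4: a schema export followed by an upload into a different workspace.
        if r["path"] == EXPORT:
            last_export_ws[r["user"]] = r["req_ws"]
        elif r["user"] in last_export_ws and last_export_ws[r["user"]] != r["req_ws"]:
            alerts.append(("export_then_foreign_upload", r["user"], r["ts"]))
    return alerts
```

Rule 1 is the strongest single signal here, because a session should never legitimately address a workspace it was not issued for.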
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Access Control Policy (unauthorized cross-workspace access)
ECC 2024 A.5.2.1 - User Registration and Access Rights Management
ECC 2024 A.5.3.1 - Password Management (API key/token security)
ECC 2024 A.6.1.1 - Information Security Roles and Responsibilities
ECC 2024 A.9.1.1 - Access Control (IDOR vulnerability)
ECC 2024 A.9.2.1 - User Access Management
ECC 2024 A.12.4.1 - Event Logging (audit trail for datasource access)
🔵 SAMA CSF
SAMA CSF ID.AC-1 - Access Control Policy and Procedures
SAMA CSF ID.AC-2 - Physical and Logical Access Controls
SAMA CSF PR.AC-1 - Identities and Credentials Management
SAMA CSF PR.AC-3 - Access Enforcement
SAMA CSF DE.AE-1 - Audit and Accountability
SAMA CSF DE.CM-1 - System Monitoring
🟡 ISO 27001:2022
ISO 27001:2022 A.5.2 - Information Security Policies
ISO 27001:2022 A.6.2 - Information Security Roles and Responsibilities
ISO 27001:2022 A.8.2 - Asset Management
ISO 27001:2022 A.9.1 - Access Control
ISO 27001:2022 A.9.2 - User Access Management
ISO 27001:2022 A.9.4 - Access to Information Systems and Applications
ISO 27001:2022 A.12.4 - Logging
🟣 PCI DSS v4.0.1
PCI DSS 2.1 - Configuration Standards
PCI DSS 6.5.10 - Broken Authentication
PCI DSS 7.1 - Limit Access to System Components
PCI DSS 8.1 - User Identification and Authentication
PCI DSS 10.1 - Implement Audit Trails
📦 Affected Products / CPE (1 entry)
fit2cloud:sqlbot
📊 CVSS Score
8.1 / 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector: N (Network)
Attack Complexity: L (Low)
Privileges Required: L (Low)
User Interaction: N (None)
Scope: U (Unchanged)
Confidentiality: H (High)
Integrity: H (High)
Availability: N (None)
📋 Quick Facts
Severity: High
CVSS Score: 8.1
CWE: CWE-639
EPSS: 0.03%
Exploit: Yes
Patch: No
Published: 2026-05-13
Source Feed: nvd
🇸🇦 Saudi Risk Score: 8.7 / 10.0
Priority: CRITICAL
🏷️ Tags: exploit-available, CWE-639