← volver
CVE-2026-5596

griptape-ai griptape SqlTool tool.py sql injection

CVSS 5.3 MEDIUMEPSS 0.2%CWE-74CWE-89
A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipulation results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
griptape-ai · griptape
PoCs públicas encontradas1
cve_referencegithub.com/Ka7arotto/cve/blob/main/griptape/text2sqlTool/issue.mdno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/Ka7arotto/cve/blob/main/griptape/text2sqlTool/issue.mdhttps://vuldb.com/submit/784464https://vuldb.com/vuln/355390https://vuldb.com/vuln/355390/cti