CVE-2026-5586

MEDIUM 6.3

zhongyu09 openchatbi Multi-stage Text2SQL Workflow sql injection

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

1th

A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-89 CWE-74
Vendor	zhongyu09
Product	openchatbi
Published	Apr 5, 2026
Last Updated	Apr 6, 2026

Stay Ahead of the Next One

Get instant alerts for zhongyu09 openchatbi

Be the first to know when new medium vulnerabilities affecting zhongyu09 openchatbi are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

zhongyu09 / openchatbi

0.2.0 0.2.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/355385 vuldb.com: https://vuldb.com/vuln/355385/cti vuldb.com: https://vuldb.com/submit/784454 github.com: https://github.com/Ka7arotto/cve/blob/main/openchatbi-SQL/issue.md

Credits

🔍 Goku (VulDB User) VulDB CNA Team