{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cql-injection/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-60090"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PraisonAI before 4.6.78"],"_cs_severities":["critical"],"_cs_tags":["sql-injection","cql-injection","data-destruction","praisonai","database-vulnerability"],"_cs_type":"advisory","_cs_vendors":["PraisonAI"],"content_html":"\u003cp\u003eA critical SQL/CQL injection vulnerability, tracked as CVE-2026-60090, affects PraisonAI software versions prior to 4.6.78. The flaw exists within the \u003ccode\u003ecreate_collection()\u003c/code\u003e function of the PGVector and Cassandra knowledge-store backends, where the \u003ccode\u003edimension\u003c/code\u003e argument is insufficiently validated. Although other identifiers like schema and collection names undergo validation, the \u003ccode\u003edimension\u003c/code\u003e value, intended as an integer, is directly interpolated into the vector column of the generated \u003ccode\u003eCREATE TABLE DDL\u003c/code\u003e statement without proper sanitization. An attacker capable of influencing collection-creation dimensions can craft a malicious string, such as \u003ccode\u003e'3); DROP TABLE tenant_secrets; --'\u003c/code\u003e, which, when executed by the database driver, results in the injection of arbitrary SQL/CQL tokens. This can lead to unauthenticated arbitrary command execution within the database, allowing for data manipulation, exfiltration, or destruction. This vulnerability presents a significant risk to the integrity and availability of data managed by PraisonAI deployments.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a PraisonAI instance running a vulnerable version (prior to 4.6.78) where they can influence parameters passed to the \u003ccode\u003ecreate_collection()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious string payload, such as \u003ccode\u003e'3); DROP TABLE tenant_secrets; --'\u003c/code\u003e, designed to inject SQL or CQL commands, and provides this as the \u003ccode\u003edimension\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe PraisonAI application receives the \u003ccode\u003ecreate_collection()\u003c/code\u003e request but fails to perform adequate validation on the \u003ccode\u003edimension\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003ePraisonAI interpolates the unvalidated, malicious \u003ccode\u003edimension\u003c/code\u003e string directly into the dynamic \u003ccode\u003eCREATE TABLE DDL\u003c/code\u003e statement intended for the connected PGVector or Cassandra database.\u003c/li\u003e\n\u003cli\u003eThe database driver executes the constructed DDL statement, which now includes the attacker's injected SQL/CQL commands.\u003c/li\u003e\n\u003cli\u003eThe database processes and executes the injected command, leading to the intended malicious action, such as dropping the \u003ccode\u003etenant_secrets\u003c/code\u003e table.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-60090 grants an attacker the ability to execute arbitrary SQL or CQL commands against the underlying database. This high-severity vulnerability (CVSS v3.1 Base Score: 9.8) can lead to severe consequences, including unauthorized data modification, deletion, or exfiltration. Attackers could drop critical tables, manipulate database schema, or insert malicious data, severely compromising data integrity and availability. Organizations using PraisonAI are at risk of significant data loss, operational disruption, and potential regulatory non-compliance due to uncontrolled database access.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-60090 by upgrading PraisonAI to version 4.6.78 or later immediately.\u003c/li\u003e\n\u003cli\u003eImplement robust input validation for all user-supplied parameters, especially those interpolated into database queries, to prevent SQL/CQL injection vulnerabilities as described for the \u003ccode\u003edimension\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eMonitor database logs for unusual DDL statements, such as \u003ccode\u003eDROP TABLE\u003c/code\u003e or \u003ccode\u003eALTER TABLE\u003c/code\u003e, particularly if originating from the PraisonAI application's database user.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-11T14:17:33Z","date_published":"2026-07-11T14:17:33Z","id":"https://feed.craftedsignal.io/briefs/2026-07-praisonai-sql-cql-injection/","summary":"PraisonAI versions before 4.6.78 are vulnerable to SQL/CQL injection, allowing an attacker to inject malicious SQL/CQL tokens into generated CREATE TABLE DDL statements by influencing the unvalidated 'dimension' argument in PGVector and Cassandra knowledge-store backends, potentially leading to arbitrary database command execution and data manipulation or destruction.","title":"PraisonAI SQL/CQL Injection via Unvalidated PGVector/Cassandra Dimension (CVE-2026-60090)","url":"https://feed.craftedsignal.io/briefs/2026-07-praisonai-sql-cql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed - Cql-Injection","version":"https://jsonfeed.org/version/1.1"}