<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cql-Injection - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cql-injection/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Sat, 11 Jul 2026 14:17:33 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cql-injection/feed.xml" rel="self" type="application/rss+xml"/><item><title>PraisonAI SQL/CQL Injection via Unvalidated PGVector/Cassandra Dimension (CVE-2026-60090)</title><link>https://feed.craftedsignal.io/briefs/2026-07-praisonai-sql-cql-injection/</link><pubDate>Sat, 11 Jul 2026 14:17:33 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-praisonai-sql-cql-injection/</guid><description>PraisonAI versions before 4.6.78 are vulnerable to SQL/CQL injection, allowing an attacker to inject malicious SQL/CQL tokens into generated CREATE TABLE DDL statements by influencing the unvalidated 'dimension' argument in PGVector and Cassandra knowledge-store backends, potentially leading to arbitrary database command execution and data manipulation or destruction.</description><content:encoded><![CDATA[<p>A critical SQL/CQL injection vulnerability, tracked as CVE-2026-60090, affects PraisonAI software versions prior to 4.6.78. The flaw exists within the <code>create_collection()</code> function of the PGVector and Cassandra knowledge-store backends, where the <code>dimension</code> argument is insufficiently validated. Although other identifiers like schema and collection names undergo validation, the <code>dimension</code> value, intended as an integer, is directly interpolated into the vector column of the generated <code>CREATE TABLE DDL</code> statement without proper sanitization. An attacker capable of influencing collection-creation dimensions can craft a malicious string, such as <code>'3); DROP TABLE tenant_secrets; --'</code>, which, when executed by the database driver, results in the injection of arbitrary SQL/CQL tokens. This can lead to unauthenticated arbitrary command execution within the database, allowing for data manipulation, exfiltration, or destruction. This vulnerability presents a significant risk to the integrity and availability of data managed by PraisonAI deployments.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker identifies a PraisonAI instance running a vulnerable version (prior to 4.6.78) where they can influence parameters passed to the <code>create_collection()</code> function.</li>
<li>The attacker crafts a malicious string payload, such as <code>'3); DROP TABLE tenant_secrets; --'</code>, designed to inject SQL or CQL commands, and provides this as the <code>dimension</code> argument.</li>
<li>The PraisonAI application receives the <code>create_collection()</code> request but fails to perform adequate validation on the <code>dimension</code> argument.</li>
<li>PraisonAI interpolates the unvalidated, malicious <code>dimension</code> string directly into the dynamic <code>CREATE TABLE DDL</code> statement intended for the connected PGVector or Cassandra database.</li>
<li>The database driver executes the constructed DDL statement, which now includes the attacker's injected SQL/CQL commands.</li>
<li>The database processes and executes the injected command, leading to the intended malicious action, such as dropping the <code>tenant_secrets</code> table.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-60090 grants an attacker the ability to execute arbitrary SQL or CQL commands against the underlying database. This high-severity vulnerability (CVSS v3.1 Base Score: 9.8) can lead to severe consequences, including unauthorized data modification, deletion, or exfiltration. Attackers could drop critical tables, manipulate database schema, or insert malicious data, severely compromising data integrity and availability. Organizations using PraisonAI are at risk of significant data loss, operational disruption, and potential regulatory non-compliance due to uncontrolled database access.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2026-60090 by upgrading PraisonAI to version 4.6.78 or later immediately.</li>
<li>Implement robust input validation for all user-supplied parameters, especially those interpolated into database queries, to prevent SQL/CQL injection vulnerabilities as described for the <code>dimension</code> argument.</li>
<li>Monitor database logs for unusual DDL statements, such as <code>DROP TABLE</code> or <code>ALTER TABLE</code>, particularly if originating from the PraisonAI application's database user.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>sql-injection</category><category>cql-injection</category><category>data-destruction</category><category>praisonai</category><category>database-vulnerability</category></item></channel></rss>