premAI-io premsql followup.py eval code injection_CVE-2026-5594

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the function eval of the file premsql/agents/baseline/workers/followup.py. This manipulation of the argument result causes code injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-5594

Source VulDB

Published Apr 5, 2026 at 18:30

Modified Apr 6, 2026 at 15:25

Affected Product

Vendor premAI-io

Product premsql

Version 0.2.0

Affected Versions premAI-io premsql 0.2.0
premAI-io premsql 0.2.1

CWE Classification

CWE-94 CWE-74

References

{
    "lastseen": "",
    "description": "A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the function eval of the file premsql/agents/baseline/workers/followup.py. This manipulation of the argument result causes code injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-04-05T18:30:14.413Z",
    "modified": "2026-04-06T15:25:27.908Z",
    "type": "cve",
    "title": "premAI-io premsql followup.py eval code injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/355388\nhttps://vuldb.com/vuln/355388/cti\nhttps://vuldb.com/submit/784462\nhttps://github.com/Ka7arotto/cve/blob/main/premsql-rce/issue.md\nhttps://github.com/Ka7arotto/cve/blob/main/premsql-rce/poc.py",
    "id": "CVE-2026-5594",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "premAI-io premsql 0.2.0\npremAI-io premsql 0.2.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "premsql",
    "version": "0.2.0",
    "vendor": "premAI-io",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}