{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5594", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-05T05:12:37.784Z", "datePublished": "2026-04-05T18:30:14.413Z", "dateUpdated": "2026-04-06T15:25:27.908Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-05T18:30:14.413Z"}, "title": "premAI-io premsql followup.py eval code injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "premAI-io", "product": "premsql", "versions": [{"version": "0.2.0", "status": "affected"}, {"version": "0.2.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the function eval of the file premsql/agents/baseline/workers/followup.py. This manipulation of the argument result causes code injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-05T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-05T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-05T07:17:44.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Goku (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/355388", "name": "VDB-355388 | premAI-io premsql followup.py eval code injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/355388/cti", "name": "VDB-355388 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/784462", "name": "Submit #784462 | premsql v0.2.1 Code Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Ka7arotto/cve/blob/main/premsql-rce/issue.md", "tags": ["related"]}, {"url": "https://github.com/Ka7arotto/cve/blob/main/premsql-rce/poc.py", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T15:25:19.914191Z", "id": "CVE-2026-5594", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:25:27.908Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5594", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T15:25:19.914191Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:25:23.950Z"}}], "cna": {"title": "premAI-io premsql followup.py eval code injection", "credits": [{"lang": "en", "type": "reporter", "value": "Goku (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "premAI-io", "product": "premsql", "versions": [{"status": "affected", "version": "0.2.0"}, {"status": "affected", "version": "0.2.1"}]}], "timeline": [{"lang": "en", "time": "2026-04-05T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-05T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-05T07:17:44.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/355388", "name": "VDB-355388 | premAI-io premsql followup.py eval code injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/355388/cti", "name": "VDB-355388 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/784462", "name": "Submit #784462 | premsql v0.2.1 Code Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Ka7arotto/cve/blob/main/premsql-rce/issue.md", "tags": ["related"]}, {"url": "https://github.com/Ka7arotto/cve/blob/main/premsql-rce/poc.py", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the function eval of the file premsql/agents/baseline/workers/followup.py. This manipulation of the argument result causes code injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-05T18:30:14.413Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5594", "state": "PUBLISHED", "dateUpdated": "2026-04-06T15:25:27.908Z", "dateReserved": "2026-04-05T05:12:37.784Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-05T18:30:14.413Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the function eval of the file premsql/agents/baseline/workers/followup.py. This manipulation of the argument result causes code injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-5594", "lastModified": "2026-04-05T19:17:05.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-05T19:17:05.437", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/Ka7arotto/cve/blob/main/premsql-rce/issue.md"}, {"source": "cna@vuldb.com", "url": "https://github.com/Ka7arotto/cve/blob/main/premsql-rce/poc.py"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/784462"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355388"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355388/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.2.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.2.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "premsql", "source": "cna", "vendor": "premAI-io"}, "product": "premsql", "vendor": "premai-io"}], "analysis": {"en": {"generated_at": "2026-04-05T21:20:35.725953+00:00", "value": {"mitigation_remediation": ["Upgrade premAI-io premsql to the latest available version (greater than 0.2.1).", "If no patch is immediately available, restrict network access to the component that executes followup.py, for example by tightening firewall or proxy rules.", "Monitor application logs for unexpected calls to eval() or suspicious data being processed by followup.py. Consider disabling eval() or replacing it with a safer alternative if possible."], "summary": {"action": "Apply patch", "impact": "Remote code execution via eval injection"}, "threat_synthesis": {"affected_systems": "The issue impacts premAI-io premsql versions up to 0.2.1. Any deployment of this package that includes the followup.py worker is potentially vulnerable.", "description_and_impact": "The vulnerability resides in the eval() usage within the followup.py component of premAI-io premsql. An attacker can supply crafted input that is executed by eval, allowing arbitrary Python code to run on the host that runs the application. This results in remote code execution, enabling full control over affected systems. The weakness aligns with CWE-74 and CWE-94.", "risk_and_exploitability": "The CVSS base score is 5.3, indicating moderate severity, and the vulnerability is not listed in the CISA KEV catalog. Public proof\u2011of\u2011concept code demonstrates that the exploit is feasible, and the attack vector is remote. An attacker who can reach the application can inject code through the eval call and compromise the entire system with no additional privileges."}}}}, "created": "2026-04-06T20:23:04.951271+00:00", "updated": "2026-04-06T21:56:25.444244+00:00", "vendors": ["premai-io", "premai-io$PRODUCT$premsql"]}