CVE-2026-4530 MEDIUM

CVE-2026-4530: apconw Aix-DB terminology_retriever.py sql injection

Vendor Apconw

Product Aix-DB

Weakness CWE-89 · SQLi

Published March 21, 2026

Last update March 24, 2026

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

March 21, 2026 CVE published

March 24, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-4530 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

Identifiers

CVE CVE-2026-4530

CWE CWE-89

CVSS 4.8 / MEDIUM

Affected versions

Vendor Apconw

Product Aix-DB

Affected 1.2.0

Vendor Apconw

Product Aix-DB

Affected 1.2.1

Vendor Apconw

Product Aix-DB

Affected 1.2.2

Vendor Apconw

Product Aix-DB

Affected 1.2.3

CVE-2026-4530: apconw Aix-DB terminology_retriever.py sql injection

01Description

02Disclosure timeline

03References

04Related CVE