CVE-2026-4506: MindSQL is vulnerable to Code Injection through its ask_db function

March 21, 2026 (updated March 23, 2026)

A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function ask_db of the file mindsql/core/mindsql_core.py. Performing a manipulation results in code injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

github.com/Ka7arotto/cve/blob/main/MindSQL-RCE.md
github.com/Mindinventory/MindSQL
github.com/advisories/GHSA-m6m4-34cj-4hh7
nvd.nist.gov/vuln/detail/CVE-2026-4506
vuldb.com/?ctiid.352072
vuldb.com/?id.352072
vuldb.com/?submit.773898

Code Behaviors & Features

Detect and mitigate CVE-2026-4506 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →