Description

A vulnerability was found in Dataease SQLBot up to version 1.5.1. It affects the function validateEmbedded in the file backend/apps/system/middleware/auth.py of the JWT Token Handler component. Manipulation of the token leads to improper verification of a cryptographic signature. The attack can be initiated remotely; it is rated as high complexity and considered difficult to exploit. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.

State: PUBLISHED | Reserved 2026-03-01 | Published 2026-03-03 | Updated 2026-03-03 | Assigner: VulDB

MEDIUM: 6.3 (CVSS 4.0) CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
LOW: 3.7 (CVSS 3.1) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C
LOW: 3.7 (CVSS 3.0) CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C
2.6 (CVSS 2.0) AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:C

Problem types

Improper Verification of Cryptographic Signature

Insufficient Verification of Data Authenticity

Product status

1.5.0: affected
1.5.1: affected

Timeline

2026-03-01: Advisory disclosed
2026-03-01: VulDB entry created
2026-03-01: VulDB entry last update

Credits

yaowenxiao (VulDB User): reporter

VulDB: coordinator

References

vuldb.com/?id.348292 (VDB-348292 | Dataease SQLBot JWT Token auth.py validateEmbedded signature verification) [vdb-entry, technical-description]

vuldb.com/?ctiid.348292 (VDB-348292 | CTI Indicators (IOB, IOC, IOA)) [signature, permissions-required]

vuldb.com/?submit.707291 (Submit #707291 | FIT2CLOUD SQLBot 1.3.0 Improper Verification of Cryptographic Signature) [third-party-advisory]

github.com/...ot/SQLBot-JWT-Signature-Verification-Bypass.md [exploit]

cve.org (CVE-2025-15598)

nvd.nist.gov (CVE-2025-15598)