Intel

AIKIDO-2026-367021

pandas is vulnerable to SQL Injection

SQL Injection Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Yesterday

25

Low Risk

This Affects:

PYTHONpandas
2.2.0 - 3.0.3
Fixed in 3.0.4
Are you affected? Scan for Free

TL;DR

The ADBCDatabase class in pandas/io/sql.py builds SQL statements by interpolating table and schema identifiers directly into query strings without quoting or escaping. When an application passes untrusted identifiers to read_sql_table, to_sql, or delete_rows over an ADBC connection, the read_table (SELECT), to_sql (DROP TABLE), and delete_rows (DELETE FROM) paths can execute attacker-controlled SQL instead of treating the value as a literal identifier. The SQLite path already quoted identifiers, but the ADBC path had no equivalent escaping when ADBC support was added. The fix adds a _quote_identifier helper that applies ANSI SQL double-quote escaping and quotes identifiers at all three call sites.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and pass untrusted table or schema identifiers to pandas SQL functions that use an ADBC connection.

Background info

pandas is vulnerable to SQL Injection in versions 2.2.0 - 3.0.3.

How to fix this

Upgrade the pandas library to the patch version.