The fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass table_prefix straight into f-string SQL. Same root cause, same code pattern, same exploitation. 52 unvalidated injection points across the codebase.
postgres.py additionally accepts an unvalidated schema parameter used directly in DDL.
High — CWE-89 (SQL Injection)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N — 8.1
Exploitable in any deployment where table_prefix is derived from external input (multi-tenant setups, API-driven configuration, user-modifiable config files). Default config ("praison_") is not affected.
The CVE-2026-40315 fix added this guard to sqlite.py:52:
```python
# sqlite.py — PATCHED
import re
if not re.match(r'^[a-zA-Z0-9_]*$', table_prefix):
    raise ValueError("table_prefix must contain only alphanumeric characters and underscores")
```
The following backends perform the identical table_prefix → f-string SQL pattern without this guard:
| Backend | File | Line | Injection points |
| ---------------- | -------------------------------------------- | --------------- | ----------------------- |
| MySQL | persistence/conversation/mysql.py | 65 | 5 |
| PostgreSQL | persistence/conversation/postgres.py | 89 (+schema:88) | 10 |
| Async SQLite | persistence/conversation/async_sqlite.py | 43 | 13 |
| Async MySQL | persistence/conversation/async_mysql.py | 65 | 13 |
| Async...
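An added example, not the project's own code: it factors the patched guard into one reusable check and applies it to both table_prefix and the postgres schema parameter before any f-string DDL is assembled. The helper names and the column list are assumptions; the character class is the one from the sqlite.py patch.

```python
import re
from typing import Dict, Iterable, Optional

# Hypothetical helper names (not the project's API). The character class mirrors
# the CVE-2026-40315 guard in sqlite.py; fullmatch is used so the match must cover
# the whole string (re's `$` also matches just before a trailing newline).
_IDENT_PART = re.compile(r"[A-Za-z0-9_]*")


def validate_identifier_part(value: str, name: str = "table_prefix") -> str:
    """Return value unchanged if it is safe to splice into an identifier, else raise."""
    if not isinstance(value, str) or _IDENT_PART.fullmatch(value) is None:
        raise ValueError(f"{name} must contain only alphanumeric characters and underscores")
    return value


def build_create_table_sql(table_prefix: str, schema: Optional[str] = None) -> str:
    """Build DDL the way the backends do (f-string), but only from validated parts.

    The column list is a constructed stand-in, not the project's real schema.
    """
    table = f"{validate_identifier_part(table_prefix, 'table_prefix')}conversations"
    if schema is not None:
        # postgres.py also splices `schema` into DDL; it needs the same guard.
        table = f"{validate_identifier_part(schema, 'schema')}.{table}"
    return (
        f"CREATE TABLE IF NOT EXISTS {table} ("
        "id TEXT PRIMARY KEY, role TEXT NOT NULL, content TEXT NOT NULL)"
    )


def audit_prefixes(candidates: Iterable[str]) -> Dict[str, bool]:
    """Map each candidate prefix to whether the guard would accept it."""
    result = {}
    for cand in candidates:
        try:
            validate_identifier_part(cand)
            result[cand] = True
        except ValueError:
            result[cand] = False
    return result


if __name__ == "__main__":
    # Constructed sample of prefixes as they might arrive from tenant config.
    sample = ["praison_", "tenant42_", "", "tenant-42_", "tenant;42", "praison_\n"]
    for prefix, ok in audit_prefixes(sample).items():
        print(f"{prefix!r:16} -> {'accepted' if ok else 'rejected'}")
    print(build_create_table_sql("tenant42_", schema="tenant_a"))
```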