Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server Helper Tool. Successful attacks of this vulnerability can result in Oracle MCP Server Helper Tool executing malicious SQL.
AnalysisAI
SQL injection in Oracle MCP Server Helper Tool 1.0.1-1.0.156 allows low-privileged authenticated attackers to execute malicious SQL queries with high confidentiality and integrity impact across security boundaries. The vulnerability requires network access via HTTP and user interaction, affecting the helper tool component. With CVSS 8.7 and easily exploitable characteristics (AC:L), this represents significant risk for organizations running affected versions, though no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. The changed scope (S:C) indicates potential impact beyond the vulnerable component itself.
Technical ContextAI
Oracle MCP Server Helper Tool is a component within Oracle Open Source Projects that processes HTTP requests with database operations. The vulnerability stems from improper input validation in the helper tool component, allowing attacker-controlled data to be incorporated into SQL statements without adequate sanitization. The CVSS vector indicates this is a cross-scope vulnerability (S:C), meaning successful exploitation can impact resources beyond the authorization privileges of the helper tool itself. The attack requires low-privilege authentication (PR:L) and user interaction (UI:R), suggesting the vulnerability may be triggered when an authenticated user with limited privileges interacts with malicious content delivered via HTTP, which then executes SQL operations with elevated database access. The CPE string identifies this as an Oracle Corporation product within the Oracle Open Source Projects portfolio, affecting versions 1.0.1 through 1.0.156.
RemediationAI
Upgrade Oracle MCP Server Helper Tool to a version later than 1.0.156, consulting Oracle's security advisory at https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html for the specific patched release version and installation instructions. Oracle has not published detailed compensating controls in publicly available data. If immediate patching is not feasible, implement network segmentation to restrict HTTP access to the helper tool component to only trusted authenticated users from known IP ranges, reducing exposure to potential attackers. Deploy database activity monitoring to detect anomalous SQL execution patterns that may indicate exploitation attempts. Consider implementing additional input validation at the application layer if the tool allows custom configuration. Note that network restrictions may impact legitimate user workflows and should be tested in non-production environments first. Verify the authentication model in your deployment to confirm whether the PR:L requirement aligns with your actual configuration.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27178
GHSA-652f-jqwx-jr9x