Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
SQL injection in Erupt's MCP Tool Interface allows authenticated attackers to manipulate database queries through the EruptDataQuery component, potentially exposing or modifying sensitive data. The vulnerability affects Java-based Erupt deployments version 1.13.3 and has public exploit code available. No patch is currently available from the vendor, who has not responded to disclosure efforts.
Technical ContextAI
The vulnerability resides in the EruptDataQuery.java file within the erupt-ai module, which handles data query operations through the MCP (Model Context Protocol) Tool Interface. The root cause is classified under CWE-564 (Unsafe Name Mapping), indicating improper handling of user-supplied input that gets passed directly to Hibernate ORM queries without adequate sanitization or parameterization. Erupts Erupt is a low-code/no-code rapid development framework built on Java, and the MCP Tool Interface is designed to bridge external tools with the Erupt data layer. When user input from MCP tools is passed to the EruptDataQuery function, it bypasses proper input validation and becomes part of Hibernate query construction, enabling SQL injection attacks at the database level.
RemediationAI
Immediate action requires upgrading Erupts Erupt to a patched version beyond 1.13.3 if available from the vendor, though note that the vendor has not responded to early disclosure efforts, which may complicate obtaining official patches. As an interim mitigation, restrict network access to the MCP Tool Interface to only trusted internal networks and implement strict authentication controls to limit PR:L exposure to authorized users only. Apply database-level access controls to limit the Erupt application's database user permissions to only necessary tables and operations, reducing the impact scope of successful SQL injection exploitation. Additionally, implement Web Application Firewall (WAF) rules to detect and block common SQL injection patterns in requests to the EruptDataQuery endpoint, monitor database query logs for anomalous activity, and consider disabling the MCP Tool Interface entirely if it is not actively required for operations. Reference the VulDB entries at https://vuldb.com/?submit.775593 and the published exploit details at https://fx4tqqfvdw4.feishu.cn/docx/EunDdwORZoG3uzxpLykcj24mncJ?from=from_copylink for technical analysis to inform filtering rules.
Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m
Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti
Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent
Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug
JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow
Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during
Same weakness CWE-564 – SQL Injection: Hibernate
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14473
GHSA-473j-28g3-gv2f