Skip to main content

astro-mcp-server CVE-2026-7591

| EUVDEUVD-2026-26709 LOW
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2026-05-01 cna@vuldb.com
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 01, 2026 - 19:30 vuln.today
EUVD ID Assigned
May 01, 2026 - 19:22 euvd
EUVD-2026-26709
Analysis Generated
May 01, 2026 - 19:22 vuln.today
CVE Published
May 01, 2026 - 19:16 nvd
LOW 2.1

DescriptionCVE.org

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

SQL injection in TimBroddin astro-mcp-server up to version 1.1.1 allows authenticated remote attackers to manipulate MCP Tool Query Construction parameters via crafted request.params.arguments, enabling arbitrary SQL query execution. Public exploit code exists and the vendor has not yet responded to early notification, leaving deployed instances at risk.

Technical ContextAI

astro-mcp-server is a Model Context Protocol (MCP) tool integration for Astro, handling dynamic query construction in src/index.ts. The vulnerability stems from unsafe SQL query assembly in the MCP Tool Query Construction component (CWE-74: Improper Neutralization of Special Elements used in an Output Command). User-supplied arguments from request.params.arguments are passed directly into SQL queries without parameterization or sanitization, allowing attackers with authenticated access to inject arbitrary SQL syntax and compromise database confidentiality, integrity, or availability depending on database permissions and DBMS capabilities.

RemediationAI

No vendor-released patched version identified at time of analysis. Immediate mitigations: (1) Upgrade to a patched version if released by the maintainer - monitor https://github.com/TimBroddin/astro-mcp-server/releases for updates; (2) Restrict network access to the MCP server to trusted internal networks only and disable remote authentication if not required; (3) Implement input validation and parameterized queries (prepared statements) in src/index.ts request.params.arguments handling - replace direct SQL string concatenation with parameterized SQL calls (e.g., using ? placeholders or ORM methods); (4) Apply database-level principle of least privilege - ensure the database user running astro-mcp-server queries has minimal necessary permissions and cannot access sensitive tables; (5) Enable SQL query logging and audit all queries from the MCP Tool Query Construction component for anomalous patterns. For high-risk environments, consider forking the repository, applying the parameterization fix, and deploying the patched version internally while awaiting upstream response.

Share

CVE-2026-7591 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy