Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
SQL injection in TimBroddin astro-mcp-server up to version 1.1.1 allows authenticated remote attackers to manipulate MCP Tool Query Construction parameters via crafted request.params.arguments, enabling arbitrary SQL query execution. Public exploit code exists and the vendor has not yet responded to early notification, leaving deployed instances at risk.
Technical ContextAI
astro-mcp-server is a Model Context Protocol (MCP) tool integration for Astro, handling dynamic query construction in src/index.ts. The vulnerability stems from unsafe SQL query assembly in the MCP Tool Query Construction component (CWE-74: Improper Neutralization of Special Elements used in an Output Command). User-supplied arguments from request.params.arguments are passed directly into SQL queries without parameterization or sanitization, allowing attackers with authenticated access to inject arbitrary SQL syntax and compromise database confidentiality, integrity, or availability depending on database permissions and DBMS capabilities.
RemediationAI
No vendor-released patched version identified at time of analysis. Immediate mitigations: (1) Upgrade to a patched version if released by the maintainer - monitor https://github.com/TimBroddin/astro-mcp-server/releases for updates; (2) Restrict network access to the MCP server to trusted internal networks only and disable remote authentication if not required; (3) Implement input validation and parameterized queries (prepared statements) in src/index.ts request.params.arguments handling - replace direct SQL string concatenation with parameterized SQL calls (e.g., using ? placeholders or ORM methods); (4) Apply database-level principle of least privilege - ensure the database user running astro-mcp-server queries has minimal necessary permissions and cannot access sensitive tables; (5) Enable SQL query logging and audit all queries from the MCP Tool Query Construction component for anomalous patterns. For high-risk environments, consider forking the repository, applying the parameterization fix, and deploying the patched version internally while awaiting upstream response.
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26709