Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a manipulation of the argument output_filename results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The patch is named a5580cb992f4f6c308c9ffe6442b2e76709db548. Applying a patch is the recommended action to fix this issue.
AnalysisAI
SQL injection in dubydu sqlite-mcp up to version 0.1.0 allows remote attackers to manipulate the output_filename parameter in the extract_to_json function, enabling arbitrary SQL command execution. The vulnerability has publicly available exploit code and affects all default installations without authentication requirements.
Technical ContextAI
sqlite-mcp is a Model Context Protocol (MCP) server implementation for SQLite database access. The vulnerability exists in the extract_to_json function within src/entry.py, where user-supplied input to the output_filename parameter is passed unsanitized into SQL queries. The CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) classification indicates insufficient input validation or parameterization when constructing SQL statements. The affected versions use direct string concatenation or unsafe formatting rather than prepared statements with parameter binding, allowing attackers to inject arbitrary SQL syntax through the filename argument.
RemediationAI
Apply the upstream patch identified as commit a5580cb992f4f6c308c9ffe6442b2e76709db548 available at https://github.com/dubydu/sqlite-mcp/commit/a5580cb992f4f6c308c9ffe6442b2e76709db548, which implements proper input sanitization for the output_filename parameter. For systems unable to immediately patch, implement input validation to restrict output_filename to alphanumeric characters, underscores, and hyphens, and configure the sqlite-mcp process to run with minimal database permissions (read-only or restricted table access). Disable or restrict network access to the MCP server if not required for remote operations, leveraging firewall rules or VPN-only access.
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25963