Skip to main content

Doris Mcp Server

2 CVEs product

Monthly

CVE-2025-66336 HIGH PATCH This Week

SQL injection in Apache Doris MCP Server versions 0.1.0 through 0.6.0 allows authenticated attackers (or anonymous attackers when authentication is disabled) to inject arbitrary SQL through a database-name parameter in a metadata query path, bypassing the caller's authorization context. Because the query executes without the requester's auth context, attackers can read metadata across databases they should not be able to see. No public exploit identified at time of analysis, and SSVC currently marks exploitation as 'none'.

Apache SQLi Doris Mcp Server
NVD VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-58337 PyPI MEDIUM PATCH This Month

An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Doris Mcp Server
NVD
CVSS 3.1
5.4
EPSS
0.1%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

SQL injection in Apache Doris MCP Server versions 0.1.0 through 0.6.0 allows authenticated attackers (or anonymous attackers when authentication is disabled) to inject arbitrary SQL through a database-name parameter in a metadata query path, bypassing the caller's authorization context. Because the query executes without the requester's auth context, attackers can read metadata across databases they should not be able to see. No public exploit identified at time of analysis, and SSVC currently marks exploitation as 'none'.

Apache SQLi Doris Mcp Server
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Doris Mcp Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy