Skip to main content

Mcp Data Vis

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-5322 MEDIUM POC This Month

SQL injection in AlejandroArciniegas mcp-data-vis MCP Handler allows remote unauthenticated attackers to manipulate database queries via the Request function in src/servers/database/server.js. Publicly available exploit code exists. CVSS 7.3 (High) with low attack complexity enables unauthorized data access, modification, and partial availability disruption. The vendor did not respond to disclosure, and the product uses a rolling release model without fixed version tracking, complicating patch verification (EPSS data not provided).

SQLi Mcp Data Vis
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5322
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in AlejandroArciniegas mcp-data-vis MCP Handler allows remote unauthenticated attackers to manipulate database queries via the Request function in src/servers/database/server.js. Publicly available exploit code exists. CVSS 7.3 (High) with low attack complexity enables unauthorized data access, modification, and partial availability disruption. The vendor did not respond to disclosure, and the product uses a rolling release model without fixed version tracking, complicating patch verification (EPSS data not provided).

SQLi Mcp Data Vis
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy