CVE-2026-11529

Sažetak

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI Handler. This manipulation of the argument uri_str causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.3.0 is sufficient to resolve this issue. Patch name: 080bef9a96d625ce0dfbde573a08b93497871981. Upgrading the affected component is advised.

Reference

https://github.com/designcomputer/mysql_mcp_server/commit/080bef9a96d625ce0dfbde573a08b93497871981
https://github.com/designcomputer/mysql_mcp_server/issues/89
https://github.com/designcomputer/mysql_mcp_server/pull/86
https://github.com/designcomputer/mysql_mcp_server/releases/tag/v0.3.0
https://vuldb.com/cve/CVE-2026-11529
https://vuldb.com/submit/836490
https://vuldb.com/vuln/369146
https://vuldb.com/vuln/369146/cti

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-06-2026 - 01:34

Objavljeno

08-06-2026 - 16:16