Execute Automation MCP Database Server Read-Only Mode Bypass Vulnerability

Vulnerability

A vulnerability exists in Execute Automation's MCP Database Server, version 1.1.0 and earlier, as distributed through the npm package @executeautomation/database-server. The server fails to properly enforce its read-only mode, so queries submitted through the read-only tooling can still affect connected database systems, particularly PostgreSQL. This vulnerability can lead to denial-of-service conditions and other unexpected behaviors.

Impact

Exploitation of this vulnerability can cause a denial-of-service by disrupting database operations and terminating long-running queries. Additionally, it can bypass access controls in PostgreSQL, allowing unauthorized execution of commands that could disrupt services or manipulate data.

Reproduction

To reproduce this vulnerability, first start a long-running query on the database, such as one that pauses execution for an extended period. Then, use the MCP Database Server's 'read_query' tool to retrieve the process ID (PID) of the long-running query. Finally, issue a 'read_query' command that terminates the long-running query using the captured PID, demonstrating that the read-only restriction is not enforced.
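The following is an added example and not the project's code: a guard that a read-only query tool could apply before forwarding SQL to PostgreSQL. It contrasts a check that trusts only the leading keyword (which lets a SELECT call a backend-signalling function, the failure mode described above) with a stricter check; the function names are standard PostgreSQL, the rest is constructed for illustration.

```python
import re

# Keyword checks are defence in depth only; real enforcement belongs in the
# database: a role without write or pg_signal_backend privileges, a read-only
# transaction, and a statement_timeout for the tool's connection.
READ_ONLY_LEADERS = {"SELECT", "WITH", "EXPLAIN", "SHOW", "VALUES"}

# Statement keywords that change state wherever they appear, e.g. inside a CTE.
WRITE_KEYWORDS = re.compile(
    r"\b(INSERT|UPDATE|DELETE|MERGE|TRUNCATE|CREATE|ALTER|DROP|GRANT|REVOKE|COPY|CALL|DO)\b",
    re.IGNORECASE,
)

# PostgreSQL functions with side effects even when called from a plain SELECT:
# signalling other backends (how a query is cancelled or terminated by PID),
# changing settings, or taking locks.
SIDE_EFFECT_FUNCS = re.compile(
    r"\b(pg_terminate_backend|pg_cancel_backend|pg_reload_conf|set_config|pg_advisory_lock)\s*\(",
    re.IGNORECASE,
)


def strip_comments(sql: str) -> str:
    """Remove -- and /* */ comments so keywords cannot be hidden inside them."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.DOTALL)
    return re.sub(r"--[^\n]*", " ", sql)


def naive_is_read_only(sql: str) -> bool:
    """The weak check: trusts the first keyword and nothing else."""
    words = sql.strip().split(None, 1)
    return bool(words) and words[0].upper() in READ_ONLY_LEADERS


def check_read_only(sql: str) -> tuple[bool, str]:
    """Stricter check. Returns (allowed, reason) so refusals can be logged.
    It errs on the side of refusing: a literal containing ';' or 'DELETE'
    is rejected too, which is acceptable for a read-only tool."""
    clean = strip_comments(sql).strip().rstrip(";").strip()
    if not clean:
        return False, "empty statement"
    if ";" in clean:
        return False, "multiple statements"
    if clean.split(None, 1)[0].upper() not in READ_ONLY_LEADERS:
        return False, "statement is not a read"
    m = WRITE_KEYWORDS.search(clean)
    if m:
        return False, f"write keyword: {m.group(1).upper()}"
    m = SIDE_EFFECT_FUNCS.search(clean)
    if m:
        return False, f"side-effecting function: {m.group(1).lower()}"
    return True, "ok"
```

Refusals returned by check_read_only are worth logging: repeated attempts to call signalling functions through a read-only tool are a useful detection signal for the abuse pattern this advisory describes.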

Added: Sep 16, 2025, 3:34 PM
Updated: Sep 16, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 8.3
exploitability: 6.6
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.