Apache Doris MCP Server SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Apache Doris MCP Server versions prior to 0.6.1. It arises from improper handling of query context, which may allow the execution of unintended SQL statements. It can also be used to bypass intended query validation and access restrictions through the MCP query execution interface.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of SQL statements, potentially allowing attackers to manipulate the database in unintended ways.

Added: Apr 20, 2026, 2:40 PM
Updated: Apr 20, 2026, 2:40 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 3.1
exploitability: 4.9
remediation: 0.0
relevance: 6.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.