76 matches found
CVE-2026-58319
Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...
EUVD-2026-43653
Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...
PT-2026-57975
Name of the Vulnerable Software and Affected Versions Apache Doris versions prior to 3.1.0 Description Certain HTTP REST administrative APIs in the Frontend FE were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform...
CVE-2025-66336
CVE-2025-66336 affects Apache Doris MCP Server. The issue is a SQL injection in a metadata query path where a user-controlled database name is directly interpolated into a SQL query and executed without enforcing the caller’s authorization context. This can allow an authenticated user, or an anon...
EUVD-2025-210295
Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...
CVE-2025-66336 Apache Doris MCP Server: SQL injection leading the authentication bypass
Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...
Apache Doris MCP Server vulnerable to SQL Injection via improper query context neutralization
Apache Doris MCP Server versions prior to 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Versions 0.6.1...
EUVD-2025-209532
Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...
GHSA-QHFQ-GVVC-5Q6Q Apache Doris MCP Server vulnerable to SQL Injection via improper query context neutralization
Apache Doris MCP Server versions prior to 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Versions 0.6.1...
CVE-2025-66335 Apache Doris MCP Server: MCP SQL inject
Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...
CVE-2025-66335
Technical details for CVE-2025-66335 are not publicly available in the provided documents; monitor for updates.
CVE-2025-66335 Apache Doris MCP Server: MCP SQL inject
Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...
Apache Doris MCP Server 安全漏洞
Apache Doris MCP Server is a context-based protocol backend service provided by the Apache Foundation. Versions of Apache Doris MCP Server prior to 0.6.1 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of query contexts, which could lead to the execution o...
PT-2026-33643
Name of the Vulnerable Software and Affected Versions Apache Doris MCP Server versions prior to 0.6.1 Description An improper neutralization flaw in query context handling within the MCP query execution interface may allow the execution of unintended SQL statements. This can lead to the bypass of...
CVE-2022-23942
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...
CVE-2025-58337 Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server
An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized...
Apache Doris MCP Server 安全漏洞
Apache Doris MCP Server is a contextual protocol backend service from the Apache Foundation. A security vulnerability exists in Apache Doris MCP Server versions prior to 0.1.0 through 0.6.0, which stems from improper access control and could allow an attacker with read-only privileges to execute...
EUVD-2024-23578
Malicious code in bioql PyPI...
EUVD-2024-24642
Malicious code in bioql PyPI...
EUVD-2022-0407
Malicious code in bioql PyPI...