Lucene search
+L

76 matches found

nvd
nvd
added 2 days ago6 views

CVE-2026-58319

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...

9.1CVSS0.00614EPSS
Exploits0References2
euvd
euvd
added 2 days ago5 views

EUVD-2026-43653

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...

9.1CVSS6.1AI score0.00614EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2 days ago7 views

PT-2026-57975

Name of the Vulnerable Software and Affected Versions Apache Doris versions prior to 3.1.0 Description Certain HTTP REST administrative APIs in the Frontend FE were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform...

9.1CVSS6.1AI score0.00614EPSS
Exploits0References5
cve
cve
added 2026/06/22 6:55 a.m.22 views

CVE-2025-66336

CVE-2025-66336 affects Apache Doris MCP Server. The issue is a SQL injection in a metadata query path where a user-controlled database name is directly interpolated into a SQL query and executed without enforcing the caller’s authorization context. This can allow an authenticated user, or an anon...

8.1CVSS5.9AI score0.00375EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/22 6:55 a.m.12 views

EUVD-2025-210295

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...

8.1CVSS5.9AI score0.00375EPSS
Exploits0References1
osv
osv
added 2026/06/22 6:55 a.m.2 views

CVE-2025-66336 Apache Doris MCP Server: SQL injection leading the authentication bypass

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...

8.1CVSS6AI score0.00375EPSS
Exploits0References5
github
github
added 2026/04/20 3:31 p.m.14 views

Apache Doris MCP Server vulnerable to SQL Injection via improper query context neutralization

Apache Doris MCP Server versions prior to 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Versions 0.6.1...

5.3CVSS5.8AI score0.00655EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2026/04/20 3:31 p.m.5 views

EUVD-2025-209532

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

5.3CVSS6AI score0.00655EPSS
Exploits0References3
osv
osv
added 2026/04/20 3:31 p.m.7 views

GHSA-QHFQ-GVVC-5Q6Q Apache Doris MCP Server vulnerable to SQL Injection via improper query context neutralization

Apache Doris MCP Server versions prior to 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Versions 0.6.1...

5.3CVSS5.9AI score0.00655EPSS
Exploits0References5
cvelist
cvelist
added 2026/04/20 1:27 p.m.41 views

CVE-2025-66335 Apache Doris MCP Server: MCP SQL inject

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

0.00655EPSS
Exploits0References1
cve
cve
added 2026/04/20 1:27 p.m.35 views

CVE-2025-66335

Technical details for CVE-2025-66335 are not publicly available in the provided documents; monitor for updates.

5.3CVSS6AI score0.00655EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/04/20 1:27 p.m.3 views

CVE-2025-66335 Apache Doris MCP Server: MCP SQL inject

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

5.3CVSS6.1AI score0.00655EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/04/20 12:0 a.m.10 views

Apache Doris MCP Server 安全漏洞

Apache Doris MCP Server is a context-based protocol backend service provided by the Apache Foundation. Versions of Apache Doris MCP Server prior to 0.6.1 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of query contexts, which could lead to the execution o...

5.3CVSS6AI score0.00655EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/19 12:0 a.m.10 views

PT-2026-33643

Name of the Vulnerable Software and Affected Versions Apache Doris MCP Server versions prior to 0.6.1 Description An improper neutralization flaw in query context handling within the MCP query execution interface may allow the execution of unintended SQL statements. This can lead to the bypass of...

5.3CVSS6AI score0.00655EPSS
Exploits0References14
redhatcve
redhatcve
added 2026/01/09 10:54 a.m.9 views

CVE-2022-23942

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

7.5CVSS6.5AI score0.03319EPSS
Exploits0References1
cvelist
cvelist
added 2025/11/05 9:26 a.m.11 views

CVE-2025-58337 Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server

An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized...

0.00336EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/11/05 12:0 a.m.5 views

Apache Doris MCP Server 安全漏洞

Apache Doris MCP Server is a contextual protocol backend service from the Apache Foundation. A security vulnerability exists in Apache Doris MCP Server versions prior to 0.1.0 through 0.6.0, which stems from improper access control and could allow an attacker with read-only privileges to execute...

5.4CVSS6.5AI score0.00336EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-23578

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00221EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-24642

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00962EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-0407

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.03319EPSS
Exploits0References9
Rows per page
Query Builder