Lucene search
K

118 matches found

NVD
NVD
added 7 hours ago6 views

CVE-2026-58319

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...

9.1CVSS
Exploits0References2
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-43653

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...

9.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 8 hours ago7 views

CVE-2026-58319

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...

9.1CVSS6.1AI score
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/22 9:20 a.m.11 views

SQL Injection

Overview doris-mcp-server is an Enterprise-grade Model Context Protocol MCP server implementation for Apache Doris Affected versions of this package are vulnerable to SQL Injection via the metadata query path. An attacker can gain unauthorized access to metadata outside the intended database scop...

8.1CVSS6AI score0.00375EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 8:16 a.m.14 views

CVE-2025-66336

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...

8.1CVSS0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 6:55 a.m.11 views

EUVD-2025-210295

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...

8.1CVSS5.9AI score0.00375EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 6:55 a.m.22 views

CVE-2025-66336

CVE-2025-66336 affects Apache Doris MCP Server. The issue is a SQL injection in a metadata query path where a user-controlled database name is directly interpolated into a SQL query and executed without enforcing the caller’s authorization context. This can allow an authenticated user, or an anon...

8.1CVSS5.9AI score0.00375EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 6:55 a.m.35 views

CVE-2025-66336 Apache Doris MCP Server: SQL injection leading the authentication bypass

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...

0.00375EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.17 views

PT-2026-51281

Name of the Vulnerable Software and Affected Versions Apache Doris MCP Server versions prior to 0.6.1 Description A SQL injection exists in a metadata query path where a user-controlled database name is directly interpolated into a SQL query. The query is executed without the caller's authorizati...

8.1CVSS5.9AI score0.00375EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.13 views

CVE-2025-66335

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

5.3CVSS5.8AI score0.00655EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/15 6:30 p.m.7 views

org.apache.doris:flink-doris-connector-2.0 (>=26.0.0 <=26.1.1), org.apache.flink:flink-examples-table_2.12 (>=2.0.0 <=2.0.1) +6 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (>=2.0.0 <=2.0.1)

org.apache.flink:flink-table-runtime MAVEN version =2.0.0, =26.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/15 6:30 p.m.7 views

com.drobisch:flink-connector-elasticsearch-e2e-tests-common (>=4.0.0-serde-fixes <=4.0.5-fault-tolerant), com.drobisch:flink-connector-elasticsearch6-e2e-tests (>=4.0.0-serde-fixes <=4.0.5-fault-tolerant) +25 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (>=2.0.0 <=2.0.1)

org.apache.flink:flink-table-api-java MAVEN version =2.0.0, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =26.0.0, =0.2.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/15 6:30 p.m.9 views

org.apache.doris:flink-doris-connector-2.0 (>=26.0.0 <=26.1.1), org.apache.flink:flink-examples-table_2.12 (>=2.0.0 <=2.0.1) +6 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (>=2.0.0 <=2.0.1)

org.apache.flink:flink-table-runtime MAVEN version =2.0.0, =26.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 Source cves: CVE-2026-35194 Source advisory: SNYK:JAVA-ORGAPACHEFLINK-16799797...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/15 6:30 p.m.7 views

com.datasqrl.flinkrunner:datagen-connectors (=0.10.1), com.datasqrl.flinkrunner:kafka-safe-connector (>=0.9.0 <=0.10.1) +75 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (=2.2.0)

org.apache.flink:flink-table-api-java MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.flink:flink-table-api-java and may be impacted: - com.datasqrl.flinkrunner:datagen-connectors =0.10.1 -...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
Snyk
Snyk
added 2026/04/20 3:49 p.m.8 views

SQL Injection

Overview doris-mcp-server is an Enterprise-grade Model Context Protocol MCP server implementation for Apache Doris Affected versions of this package are vulnerable to SQL Injection due to improper neutralization in the query context handling process. An attacker can execute unintended SQL...

6.9CVSS6.1AI score0.00655EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/20 3:31 p.m.5 views

EUVD-2025-209532

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

5.3CVSS6AI score0.00655EPSS
Exploits0References3
OSV
OSV
added 2026/04/20 3:31 p.m.7 views

GHSA-QHFQ-GVVC-5Q6Q Apache Doris MCP Server vulnerable to SQL Injection via improper query context neutralization

Apache Doris MCP Server versions prior to 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Versions 0.6.1...

5.3CVSS5.9AI score0.00655EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/20 3:31 p.m.13 views

Apache Doris MCP Server vulnerable to SQL Injection via improper query context neutralization

Apache Doris MCP Server versions prior to 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Versions 0.6.1...

5.3CVSS5.8AI score0.00655EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/20 2:16 p.m.3 views

CVE-2025-66335

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

5.3CVSS0.00655EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/20 1:27 p.m.3 views

CVE-2025-66335 Apache Doris MCP Server: MCP SQL inject

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

6AI score0.00655EPSS
Exploits0References1
Rows per page
Query Builder