95 matches found
Apache Pinot < 1.3.0 - Authentication Bypass
This vulnerability allows remote attackers to bypass authentication on affected installations of Apache Pinot. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue results from insufficient neutralization of special...
CVE-2026-49257
mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults to running an HTTP MCP server bound to 0.0.0.0:8080 with no authentication enabled. All MCP tools, including SQL query execution, schema creation, and...
CVE-2026-49257
Summary of CVE-2026-49257 – mcp-pinot: Versions 3.0.1 and earlier run an HTTP MCP server bound to 0.0.0.0:8080 with no authentication, exposing all MCP tools (SQL query execution, schema creation, table-config mutation) to any network-adjacent caller. The server proxies these calls using server-...
CVE-2026-49257 mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind
mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults to running an HTTP MCP server bound to 0.0.0.0:8080 with no authentication enabled. All MCP tools, including SQL query execution, schema creation, and...
PT-2026-50795
Name of the Vulnerable Software and Affected Versions: mcp-pinot versions prior to 3.1.0. Description: mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. The software defaults to running an HTTP MCP server bound to 0.0.0.0:8080 without authentication. Th...
GHSA-5W86-C3RQ-VJJ7 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, pinot-fips, celeborn...
CVE-2026-50011 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, pinot-fips, celeborn...
CVE-2026-50010 vulnerabilities
Vulnerabilities for packages: kayenta-fips, management-api-for-apache-cassandra-5.0, druid, opensearch, logstash, spark-kubernetes-operator, docker-selenium, pinot-fips, logstash-fips, neo4j, kayenta, kserve-modelmesh, reposilite, elasticsearch-fips, wazuh-indexer, spark, solr,...
GHSA-C653-97M9-RCG9 vulnerabilities
Vulnerabilities for packages: kayenta-fips, management-api-for-apache-cassandra-5.0, druid, opensearch, logstash, spark-kubernetes-operator, docker-selenium, pinot-fips, logstash-fips, neo4j, kayenta, kserve-modelmesh, reposilite, elasticsearch-fips, wazuh-indexer, spark, solr,...
CVE-2026-45300 vulnerabilities
Vulnerabilities for packages: tez, druid, apache-pulsar-fips, pinot, pinot-fips, apache-pulsar...
GHSA-FMXF-PM6P-7XGM vulnerabilities
Vulnerabilities for packages: tez, druid, apache-pulsar-fips, pinot, pinot-fips, apache-pulsar...
CVE-2026-44248 vulnerabilities
Vulnerabilities for packages: apache-hop, apache-hop-fips, hono, management-api-for-apache-cassandra-5.0, tez, thingsboard, druid, pinot, seata, management-api-for-apache-cassandra-4.0, trino, pinot-fips, celeborn, apache-activemq-artemis, management-api-for-apache-cassandra-4.1...
GHSA-JFG9-48MV-9QGX vulnerabilities
Vulnerabilities for packages: apache-hop, apache-hop-fips, hono, management-api-for-apache-cassandra-5.0, tez, thingsboard, druid, pinot, seata, management-api-for-apache-cassandra-4.0, trino, pinot-fips, celeborn, apache-activemq-artemis, management-api-for-apache-cassandra-4.1...
GHSA-RGRR-P7GP-5XJ7 vulnerabilities
Vulnerabilities for packages: apache-hop, apache-hop-fips, tez, management-api-for-apache-cassandra-5.0, thingsboard, druid, pinot, seata, management-api-for-apache-cassandra-4.0, trino, pinot-fips, celeborn, management-api-for-apache-cassandra-4.1...
CVE-2026-42586 vulnerabilities
Vulnerabilities for packages: apache-hop, apache-hop-fips, tez, management-api-for-apache-cassandra-5.0, thingsboard, druid, pinot, seata, management-api-for-apache-cassandra-4.0, trino, pinot-fips, celeborn, management-api-for-apache-cassandra-4.1...
CVE-2026-34480 vulnerabilities
Vulnerabilities for packages: camunda, zipkin, kafka-bridge-fips, airflow, wavefront-proxy, apache-activemq-artemis, apache-hop-fips, apache-activemq-fips, camunda-zeebe, nuxeo, druid, opensearch, apache-jena-fuseki, apache-tika, geoserver, logstash, opensearch-fips, pinot,...
GHSA-3PXV-7CMR-FJR4 vulnerabilities
Vulnerabilities for packages: camunda, zipkin, kafka-bridge-fips, airflow, wavefront-proxy, apache-activemq-artemis, apache-hop-fips, apache-activemq-fips, camunda-zeebe, nuxeo, druid, opensearch, apache-jena-fuseki, apache-tika, geoserver, logstash, opensearch-fips, pinot,...
GHSA-W9FJ-CFPG-GRVV vulnerabilities
Vulnerabilities for packages: camunda, hono, zipkin, kafka-bridge-fips, kayenta-fips, management-api-for-apache-cassandra-4.0, wavefront-proxy, flyway-fips, management-api-for-apache-cassandra-4.1, apache-hop-fips, camunda-zeebe, management-api-for-apache-cassandra-5.0, druid, keycloak, opensearc...
CVE-2026-33871 vulnerabilities
Vulnerabilities for packages: camunda, hono, zipkin, kafka-bridge-fips, kayenta-fips, management-api-for-apache-cassandra-4.0, wavefront-proxy, flyway-fips, management-api-for-apache-cassandra-4.1, apache-hop-fips, camunda-zeebe, management-api-for-apache-cassandra-5.0, druid, keycloak, opensearc...
CVE-2026-33870 vulnerabilities
Vulnerabilities for packages: camunda, hono, zipkin, kafka-bridge-fips, kayenta-fips, management-api-for-apache-cassandra-4.0, wavefront-proxy, apache-activemq-artemis, flyway-fips, management-api-for-apache-cassandra-4.1, camunda-zeebe, management-api-for-apache-cassandra-5.0, druid, keycloak,...