Lucene search
K

6 matches found

NVD
NVD
added 2026/06/19 8:16 p.m.15 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 8:16 p.m.14 views

CVE-2026-48773

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can declare an oversized first packet length, and...

9.8CVSS0.00358EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:34 p.m.23 views

CVE-2026-48774 ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 7:28 p.m.37 views

CVE-2026-48772

ProxySQL (versions 2.0.0–3.0.8) is vulnerable to a PROXY protocol v1 UNKNOWN frame bypass. The frontend accepts the PROXY UNKNOWN header and, despite the spec requiring ignoring the address fields, ProxySQL parses them via sscanf and writes a spoofed source address into the session, feeding i...

10CVSS5.8AI score0.00185EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-51016

Name of the Vulnerable Software and Affected Versions ProxySQL versions 2.0.18 through 3.0.8 Description ProxySQL contains a pre-authentication heap memory corruption issue within the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can trigger this by declaring an...

9.8CVSS5.9AI score0.00358EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-51015

Name of the Vulnerable Software and Affected Versions ProxySQL versions 2.0.0 through 3.0.8 Description The MySQL frontend incorrectly processes the PROXY UNKNOWN r PP1 frame of the PROXY protocol v1. According to the specification, when the protocol token is UNKNOWN, the receiver must ignore...

10CVSS5.9AI score0.00185EPSS
Exploits0References14
Rows per page
Query Builder