Description
Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymous attacker if authentication is disabled, to bypass SQL security validation and access metadata outside the intended database scope.

Affected users are recommended to upgrade to Doris version 0.6.1 or later, which fixes the issue.
Published: 2026-06-22
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Apache Doris MCP Server contains a SQL injection flaw in a metadata query path; an attacker can supply a user‑controlled database name that is interpolated directly into a SQL statement executed without honoring the caller’s authorization context. This bug allows an authenticated attacker, or an anonymous user when authentication is disabled, to bypass the server’s SQL security checks and read metadata from databases outside the intended scope. The weakness corresponds to the classic input‑validation failure described by CWE‑89.

Affected Systems

The vulnerability affects Apache Doris MCP Server from the Apache Software Foundation. All releases prior to version 0.6.1 are impacted; users should upgrade to 0.6.1 or later.

Risk and Exploitability

The flaw permits an attacker who can reach the MCP Server’s metadata query endpoint to inject a database name that causes the server to execute a SQL statement in a context lacking proper authorization checks. The attack is likely remote, using HTTP or REST calls, and does not require privilege escalation beyond legitimate authentication. If authentication is disabled, even anonymous users can exploit the injection. The effect is unauthorized read of metadata from other databases, constituting a data‑disclosure and privilege‑elevation risk for the affected system. The EPSS score is not available and the vulnerability is not listed in CISA KEV.

Generated by OpenCVE AI on June 22, 2026 at 09:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Apache Doris MCP Server to version 0.6.1 or later.
  • Validate or sanitize the database name parameter before it is embedded in SQL, or use prepared statements with parameter binding.
  • If an upgrade cannot be performed immediately, consider disabling authentication on the MCP Server or restricting network access to the metadata query endpoint to trusted hosts only.

Generated by OpenCVE AI on June 22, 2026 at 09:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache doris Mcp Server
Vendors & Products Apache
Apache doris Mcp Server

Mon, 22 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Description Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymous attacker if authentication is disabled, to bypass SQL security validation and access metadata outside the intended database scope. Affected users are recommended to upgrade to Doris version 0.6.1 or later, which fixes the issue.
Title Apache Doris MCP Server: SQL injection leading the authentication bypass
Weaknesses CWE-89
References

Subscriptions

Apache Doris Mcp Server
cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-06-22T07:58:10.548Z

Reserved: 2025-11-27T03:24:32.530Z

Link: CVE-2025-66336

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-22T11:00:05Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')