Description
A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a manipulation of the argument output_filename results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The patch is named a5580cb992f4f6c308c9ffe6442b2e76709db548. Applying a patch is the recommended action to fix this issue.
Published: 2026-04-28
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL injection
Action: Immediate patch
AI Analysis

Impact

The vulnerability lies in the extract_to_json function in the entry.py module of dubydu sqlite-mcp. Manipulating the output_filename argument allows an attacker to inject arbitrary SQL statements because the filename is directly incorporated into an SQL query; the flaw is therefore classified as CWE‑89 SQL injection. The vulnerability may also permit command injection, as the filename is used in a context that could be interpreted by the database engine or operating system, warranting a CWE‑74 categorization. By executing injected SQL, an attacker can read, modify, or delete table data, compromising the confidentiality and integrity of the database.

Affected Systems

The issue affects the dubydu sqlite-mcp package for any version up to and including 0.1.0. Any instance running 0.1.0 or earlier is vulnerable and may be exploited if the extract_to_json function is reachable from an untrusted source.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog. Remote exploitation is possible, and the exploit has already been released publicly. The attack vector is likely through untrusted input to the extract_to_json routine, which directly evaluates the supplied filename as part of a SQL statement. Given the public availability of the exploit code, the likelihood of attack is non‑negligible, especially in environments where the application is exposed to external users.

Generated by OpenCVE AI on April 28, 2026 at 19:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update dubydu sqlite‑mcp to a version that includes patch commit a5580cb992f4f6c308c9ffe6442b2e76709db548, or apply the patch directly to the affected code.
  • If an update is not possible, disable or remove use of the extract_to_json function unless it is absolutely required, or restrain its exposure to trusted users only.
  • Implement strict input validation on the output_filename parameter, allowing only safe characters such as alphanumerics, hyphens, underscores, and periods, and reject any value containing SQL control characters or path traversal sequences.

Generated by OpenCVE AI on April 28, 2026 at 19:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-4j28-22qp-rjcf sqlite-mcp has an Injection issue
History

Tue, 28 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Dubydu
Dubydu sqlite-mcp
Vendors & Products Dubydu
Dubydu sqlite-mcp

Tue, 28 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a manipulation of the argument output_filename results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The patch is named a5580cb992f4f6c308c9ffe6442b2e76709db548. Applying a patch is the recommended action to fix this issue.
Title dubydu sqlite-mcp entry.py extract_to_json sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Dubydu Sqlite-mcp
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-28T14:35:37.733Z

Reserved: 2026-04-27T14:05:13.793Z

Link: CVE-2026-7206

cve-icon Vulnrichment

Updated: 2026-04-28T14:35:31.091Z

cve-icon NVD

Status : Deferred

Published: 2026-04-28T01:16:02.150

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-7206

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T19:45:07Z

Weaknesses