CVE-2025-66335: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Apache Software Foundation Apache Doris MCP Server
Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version 0.6.1 and later are not affected.
AI Analysis
Technical Summary
Apache Doris MCP Server versions prior to 0.6.1 contain an SQL Injection vulnerability (CWE-89) due to improper neutralization of special elements in query context handling. This vulnerability could enable attackers to execute unintended SQL commands and bypass intended query validation and access restrictions through the MCP query execution interface. The issue is resolved in version 0.6.1 and later. No CVSS score or official remediation details are provided in the current data.
Potential Impact
Successful exploitation may allow an attacker to execute arbitrary SQL commands on the affected server, potentially bypassing query validation and access restrictions. This could lead to unauthorized data access or modification. However, no known exploits have been reported in the wild, and the vulnerability affects only versions earlier than 0.6.1.
Mitigation Recommendations
Upgrade Apache Doris MCP Server to version 0.6.1 or later, which is not affected by this vulnerability. Patch status is not explicitly confirmed beyond this version recommendation; check the vendor advisory for the latest remediation guidance.
CVE-2025-66335: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Apache Software Foundation Apache Doris MCP Server
Description
Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version 0.6.1 and later are not affected.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Apache Doris MCP Server versions prior to 0.6.1 contain an SQL Injection vulnerability (CWE-89) due to improper neutralization of special elements in query context handling. This vulnerability could enable attackers to execute unintended SQL commands and bypass intended query validation and access restrictions through the MCP query execution interface. The issue is resolved in version 0.6.1 and later. No CVSS score or official remediation details are provided in the current data.
Potential Impact
Successful exploitation may allow an attacker to execute arbitrary SQL commands on the affected server, potentially bypassing query validation and access restrictions. This could lead to unauthorized data access or modification. However, no known exploits have been reported in the wild, and the vulnerability affects only versions earlier than 0.6.1.
Mitigation Recommendations
Upgrade Apache Doris MCP Server to version 0.6.1 or later, which is not affected by this vulnerability. Patch status is not explicitly confirmed beyond this version recommendation; check the vendor advisory for the latest remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apache
- Date Reserved
- 2025-11-27T03:23:14.613Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e631a519fe3cd2cdff25fb
Added to database: 4/20/2026, 2:01:09 PM
Last enriched: 4/20/2026, 2:17:36 PM
Last updated: 4/21/2026, 7:09:27 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.