CVE-2026-11529: SQL Injection in designcomputer mysql-mcp-server
A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI Handler. This manipulation of the argument uri_str causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.3.0 is sufficient to resolve this issue. Patch name: 080bef9a96d625ce0dfbde573a08b93497871981. Upgrading the affected component is advised.
AI Analysis
Technical Summary
The designcomputer mysql-mcp-server up to version 0.2.2 contains an SQL injection vulnerability in the read_resource function of src/mysql_mcp_server/server.py, specifically in the mysql URI Handler component. The vulnerability arises from improper handling of the uri_str argument, allowing an attacker to inject SQL commands remotely. The vulnerability has a CVSS 4.0 base score of 5.3 (medium severity) with network attack vector, low complexity, no privileges required, no user interaction, and low impact on confidentiality, integrity, and availability. The issue is fixed by upgrading to version 0.3.0, which includes the patch identified by commit 080bef9a96d625ce0dfbde573a08b93497871981.
Potential Impact
Successful exploitation allows remote attackers to perform SQL injection attacks via the uri_str parameter, potentially leading to unauthorized data access or manipulation within the mysql-mcp-server. The impact is rated medium severity with limited impact on confidentiality, integrity, and availability as per the CVSS vector. There is no indication of widespread exploitation in the wild at this time.
Mitigation Recommendations
Upgrade the mysql-mcp-server component to version 0.3.0, which contains the official fix for this vulnerability. No other mitigations are indicated or required. Patch status is confirmed by the vendor's versioning and patch commit reference.
CVE-2026-11529: SQL Injection in designcomputer mysql-mcp-server
Description
A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI Handler. This manipulation of the argument uri_str causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.3.0 is sufficient to resolve this issue. Patch name: 080bef9a96d625ce0dfbde573a08b93497871981. Upgrading the affected component is advised.
CVSS v4.0
Score 5.3medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The designcomputer mysql-mcp-server up to version 0.2.2 contains an SQL injection vulnerability in the read_resource function of src/mysql_mcp_server/server.py, specifically in the mysql URI Handler component. The vulnerability arises from improper handling of the uri_str argument, allowing an attacker to inject SQL commands remotely. The vulnerability has a CVSS 4.0 base score of 5.3 (medium severity) with network attack vector, low complexity, no privileges required, no user interaction, and low impact on confidentiality, integrity, and availability. The issue is fixed by upgrading to version 0.3.0, which includes the patch identified by commit 080bef9a96d625ce0dfbde573a08b93497871981.
Potential Impact
Successful exploitation allows remote attackers to perform SQL injection attacks via the uri_str parameter, potentially leading to unauthorized data access or manipulation within the mysql-mcp-server. The impact is rated medium severity with limited impact on confidentiality, integrity, and availability as per the CVSS vector. There is no indication of widespread exploitation in the wild at this time.
Mitigation Recommendations
Upgrade the mysql-mcp-server component to version 0.3.0, which contains the official fix for this vulnerability. No other mitigations are indicated or required. Patch status is confirmed by the vendor's versioning and patch commit reference.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-07T19:46:50.204Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a26e45ce29bf47b501dd903
Added to database: 6/8/2026, 3:48:44 PM
Last enriched: 6/8/2026, 4:19:20 PM
Last updated: 6/9/2026, 5:05:27 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.