This vulnerability affects the Oracle MCP Server Helper Tool component of Oracle Open Source Projects, specifically versions 1.0.1 to 1.0.156. It permits an unauthenticated attacker with network access over HTTP to exploit the tool to execute arbitrary malicious SQL. The CVSS v3.1 base score is 8.7, indicating high severity, with attack vector network, low attack complexity, requiring low privileges and user interaction, and resulting in high confidentiality and integrity impact without affecting availability. Oracle's public advisory page lists this CVE but does not provide a patch or official remediation details. The vulnerability remains unpatched publicly and no exploits are currently known in the wild.

Successful exploitation can lead to execution of malicious SQL commands within the Oracle MCP Server Helper Tool, potentially compromising data confidentiality and integrity. This could allow attackers to manipulate or access sensitive data managed by the tool. The vulnerability does not impact availability. No active exploitation has been reported so far.

Patch status is not yet confirmed — check the Oracle advisory at https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html for current remediation guidance. Since no official fix or workaround is publicly documented, users should monitor Oracle communications for updates. Restricting network access to the affected service and applying network-level controls may reduce exposure until a patch is available.