
CVE-2026-4593: SQL Injection Hibernate in erupts erupt

Severity: Medium
Tags: Vulnerability, CVE-2026-4593
Published: Mon Mar 23 2026 (03/23/2026, 16:55:59 UTC)
Source: CVE Database V5
Vendor/Project: erupts
Product: erupt

Description

A flaw has been found in erupts erupt up to 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. The manipulation leads to SQL injection via Hibernate. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/30/2026, 20:23:30 UTC

Technical Analysis

CVE-2026-4593 identifies a SQL injection vulnerability in the erupt framework, specifically in the EruptDataQuery function located in erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java within the MCP Tool Interface component. The vulnerability arises from improper sanitization or validation of user-supplied input that is incorporated into Hibernate-based queries, enabling attackers to inject SQL remotely. This flaw affects erupt versions 1.13.0 through 1.13.3. The CVSS 4.0 vector indicates a network-based attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), and no user interaction needed (UI:N). The vulnerability impacts confidentiality, integrity, and availability to a limited extent (VC:L, VI:L, VA:L), and does not involve scope changes or security requirements. The vendor was notified early but has not issued any response or patch, and although an exploit is publicly available, no active exploitation campaigns have been reported. This vulnerability could allow attackers to extract sensitive data, modify database contents, or disrupt application functionality by exploiting the SQL injection via Hibernate ORM queries.

Potential Impact

The potential impact of CVE-2026-4593 includes unauthorized data disclosure, data manipulation, and possible service disruption within applications using the affected erupt versions. Since the vulnerability allows remote exploitation with only low privileges and no user interaction, attackers can leverage it to access or alter sensitive information stored in backend databases. This could lead to data breaches, loss of data integrity, and potential downtime for critical business applications relying on erupt. Organizations that use erupt in environments handling sensitive or regulated data face compliance risks and reputational damage if exploited. Although the CVSS score is medium, the presence of a public exploit increases the risk of opportunistic attacks. The lack of vendor response and patches further exacerbates the threat, requiring organizations to implement compensating controls promptly.

Mitigation Recommendations

Given the absence of official patches, organizations should immediately audit their use of erupt framework versions 1.13.0 to 1.13.3 and identify any deployments of the vulnerable EruptDataQuery function. As a temporary mitigation, input validation and sanitization should be enforced rigorously at the application layer to prevent malicious SQL input from reaching the Hibernate queries. Employing Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the affected endpoints can reduce exposure. Restricting network access to the affected services to trusted IPs and implementing strict least-privilege database user permissions can limit the damage potential. Monitoring logs for unusual query patterns or errors related to SQL injection attempts is critical for early detection. Organizations should also consider upgrading to a non-vulnerable version once available or applying community patches if any emerge. Finally, engaging with the erupt community or maintainers to encourage a timely patch release is advisable.


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2026-03-22T11:59:29.171Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69c1754df4197a8e3b789141

Added to database: 3/23/2026, 5:15:57 PM

Last enriched: 3/30/2026, 8:23:30 PM

Last updated: 5/7/2026, 5:00:59 AM
