CVE-2026-33980

Name of the Vulnerable Software and Affected Versions Azure Data Explorer MCP Server versions prior to commit 0abe0ee55279e111281076393e5e966335fffd30 Azure Data Explorer MCP Server versions up to and including 0.1.1

Description Azure Data Explorer MCP Server, a Model Context Protocol (MCP) server, contains Kusto Query Language (KQL) injection vulnerabilities in three tool handlers: get table schema, sample table data, and get table details. The table name parameter is directly interpolated into KQL queries without validation or sanitization. This allows an attacker, or a prompt-injected AI agent, to execute arbitrary KQL queries against the Azure Data Explorer cluster. The vulnerable code constructs KQL queries by embedding the table name parameter directly into query strings using f-strings. An attacker can inject malicious KQL code to read arbitrary tables, execute management commands, or perform other unauthorized actions. The injection bypasses the trust boundary established for "safe" metadata-inspection tools. The vulnerable API endpoints are:

''/get table schema'' ''/sample table data'' ''/get table details''

The vulnerable parameter is table name.

Recommendations Update Azure Data Explorer MCP Server to commit 0abe0ee55279e111281076393e5e966335fffd30 or a later version.