PT-2026-33643 · Apache · Apache Doris Mcp Server

Published: 2026-04-19 · Updated: 2026-05-28 · CVE-2025-66335

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Doris MCP Server versions prior to 0.6.1

Description

An improper neutralization flaw in query context handling within the MCP query execution interface may allow the execution of unintended SQL statements. This can lead to the bypass of intended query validation and access restrictions.

Recommendations

Update to version 0.6.1 or later.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-66335
GHSA-QHFQ-GVVC-5Q6Q

Affected Products

Apache Doris Mcp Server