CVE-2026-49257

Name of the Vulnerable Software and Affected Versions mcp-pinot versions prior to 3.1.0

Description mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. The software defaults to running an HTTP MCP server bound to 0.0.0.0:8080 without authentication. This allows any network-adjacent caller to access all MCP tools, including SQL query execution, schema creation, and table-config mutation. The server proxies these requests using server-side Pinot credentials, creating a confused-deputy condition—where a privileged entity is tricked into performing actions on behalf of an unauthorized user—resulting in full read and write access to the configured Pinot cluster.

Recommendations Update to version 3.1.0.