TimBroddin astro-mcp-server MCP Tool Query Construction index.ts sql injection

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-7591

Source VulDB

Published May 1, 2026 at 19:00

Affected Product

Vendor TimBroddin

Product astro-mcp-server

Version 1.1.0

Affected Versions TimBroddin astro-mcp-server 1.1.0
TimBroddin astro-mcp-server 1.1.1

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-05-01T19:00:16.140Z",
    "modified": "2026-05-01T19:00:16.140Z",
    "type": "cve",
    "title": "TimBroddin astro-mcp-server MCP Tool Query Construction index.ts sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360544\nhttps://vuldb.com/vuln/360544/cti\nhttps://vuldb.com/submit/804450\nhttps://github.com/TimBroddin/astro-mcp-server/issues/2\nhttps://github.com/TimBroddin/astro-mcp-server/",
    "id": "CVE-2026-7591",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "TimBroddin astro-mcp-server 1.1.0\nTimBroddin astro-mcp-server 1.1.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "astro-mcp-server",
    "version": "1.1.0",
    "vendor": "TimBroddin",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

TimBroddin astro-mcp-server MCP Tool Query Construction index.ts sql injection_CVE-2026-7591