CVE 8.7 HIGH

CVE-2026-35228_CVE-2026-35228

May 4, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Description

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server Helper Tool. Successful attacks of this vulnerability can result in Oracle MCP Server Helper Tool executing malicious SQL.

AI Analysis

Easily exploitable vulnerability in Oracle MCP Server Helper Tool allowing unauthenticated attackers to execute malicious SQL via HTTP

Basic Information

ID CVE-2026-35228

Source oracle

Published May 5, 2026 at 03:24

Affected Product

Vendor Oracle Corporation

Product Oracle MCP Server Helper Tool product of Oracle Open Source Projects

Version 1.0.1-1.0.156

Affected Versions Oracle Corporation Oracle MCP Server Helper Tool product of Oracle Open Source Projects 1.0.1-1.0.156

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Oracle Corporation

Product Oracle MCP Server Helper Tool

Version 1.0.1-1.0.156

References

www.oracle.com /security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html

{
    "lastseen": "",
    "description": "Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server Helper Tool. Successful attacks of this vulnerability can result in Oracle MCP Server Helper Tool executing malicious SQL.",
    "published": "2026-05-05T03:24:59.554Z",
    "modified": "2026-05-05T03:24:59.554Z",
    "type": "cve",
    "title": "CVE-2026-35228",
    "source": "oracle",
    "references": "https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html",
    "id": "CVE-2026-35228",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Oracle Corporation Oracle MCP Server Helper Tool product of Oracle Open Source Projects 1.0.1-1.0.156",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Oracle MCP Server Helper Tool product of Oracle Open Source Projects",
    "version": "1.0.1-1.0.156",
    "vendor": "Oracle Corporation",
    "ai_description": "Easily exploitable vulnerability in Oracle MCP Server Helper Tool allowing unauthenticated attackers to execute malicious SQL via HTTP",
    "ai_severity": "High",
    "ai_vendor": "Oracle Corporation",
    "ai_product": "Oracle MCP Server Helper Tool",
    "ai_version": "1.0.1-1.0.156",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply