designcomputer mysql-mcp-server mysql URI server.py read_resource sql injection_CVE-2026-11529

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI Handler. This manipulation of the argument uri_str causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.3.0 is sufficient to resolve this issue. Patch name: 080bef9a96d625ce0dfbde573a08b93497871981. Upgrading the affected component is advised.

Basic Information

ID CVE-2026-11529

Source VulDB

Published Jun 8, 2026 at 15:30

Modified Jun 8, 2026 at 16:26

Affected Product

Vendor designcomputer

Product mysql-mcp-server

Version 0.2.0

Affected Versions designcomputer mysql-mcp-server 0.2.0
designcomputer mysql-mcp-server 0.2.1
designcomputer mysql-mcp-server 0.2.2

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI Handler. This manipulation of the argument uri_str causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.3.0 is sufficient to resolve this issue. Patch name: 080bef9a96d625ce0dfbde573a08b93497871981. Upgrading the affected component is advised.",
    "published": "2026-06-08T15:30:11.964Z",
    "modified": "2026-06-08T16:26:36.609Z",
    "type": "cve",
    "title": "designcomputer mysql-mcp-server mysql URI server.py read_resource sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/369146\nhttps://vuldb.com/vuln/369146/cti\nhttps://vuldb.com/cve/CVE-2026-11529\nhttps://vuldb.com/submit/836490\nhttps://github.com/designcomputer/mysql_mcp_server/issues/89\nhttps://github.com/designcomputer/mysql_mcp_server/pull/86\nhttps://github.com/designcomputer/mysql_mcp_server/commit/080bef9a96d625ce0dfbde573a08b93497871981\nhttps://github.com/designcomputer/mysql_mcp_server/releases/tag/v0.3.0",
    "id": "CVE-2026-11529",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "designcomputer mysql-mcp-server 0.2.0\ndesigncomputer mysql-mcp-server 0.2.1\ndesigncomputer mysql-mcp-server 0.2.2",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mysql-mcp-server",
    "version": "0.2.0",
    "vendor": "designcomputer",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}