← Volver a CVEs
CVE-2026-31841
MEDIUM6.5
Descripcion
Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were supposed to be executed under the hood, and protected from being displayed publicly. This issue has been fixed as of v2.2.0.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado3/12/2026
Ultima modificacion3/19/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
hyperterse:hyperterse
Debilidades (CWE)
CWE-433
Referencias
https://github.com/hyperterse/hyperterse/releases/tag/v2.2.0(security-advisories@github.com)
https://github.com/hyperterse/hyperterse/security/advisories/GHSA-92gp-jfgx-9qpv(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.