CVE-2025-66335
MEDIUM 5.3
Description
Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version 0.6.1 and later are not affected.
CVE Details
CVSS v3.1 Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 4/20/2026
Last Modified: 4/22/2026
Source: nvd
Honeypot Sightings: 0
Affected Products
apache:doris_mcp_server
Weaknesses (CWE)
CWE-89
References
https://lists.apache.org/thread/odp0fyyst8kxm7hhm9z4d1snh1y4hjpy (security@apache.org)
http://www.openwall.com/lists/oss-security/2026/04/17/4 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.