← Retour aux CVEs
CVE-2026-31841
MEDIUM6.5
Description
Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were supposed to be executed under the hood, and protected from being displayed publicly. This issue has been fixed as of v2.2.0.
Details CVE
Score CVSS v3.16.5
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie3/12/2026
Derniere modification3/19/2026
Sourcenvd
Observations honeypot0
Produits affectes
hyperterse:hyperterse
Faiblesses (CWE)
CWE-433
References
https://github.com/hyperterse/hyperterse/releases/tag/v2.2.0(security-advisories@github.com)
https://github.com/hyperterse/hyperterse/security/advisories/GHSA-92gp-jfgx-9qpv(security-advisories@github.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.