Detections
Analytics

CVE-2026-11529

medium

Description

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI Handler. This manipulation of the argument uri_str causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.3.0 is sufficient to resolve this issue. Patch name: 080bef9a96d625ce0dfbde573a08b93497871981. Upgrading the affected component is advised.

References

https://vuldb.com/vuln/369146/cti

https://vuldb.com/vuln/369146

https://vuldb.com/submit/836490

https://vuldb.com/cve/CVE-2026-11529

https://github.com/designcomputer/mysql_mcp_server/releases/tag/v0.3.0

https://github.com/designcomputer/mysql_mcp_server/pull/86

https://github.com/designcomputer/mysql_mcp_server/issues/89

https://github.com/designcomputer/mysql_mcp_server/commit/080bef9a96d625ce0dfbde573a08b93497871981

Details

Source: Mitre, NVD

Published: 2026-06-08

Updated: 2026-06-09

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium