Executive Summary

CVE-2026-31841 is a moderate severity vulnerability in the Hyperterse MCP search tool versions 2.0.0 up to but not including 2.2.0. The search tool allows large language models (LLMs) to find tools using natural language queries. However, due to this vulnerability, the tool inadvertently exposed raw SQL database queries in its search results. These SQL statements were meant to be executed internally and kept hidden from users, but were instead revealed publicly.

This exposure could allow an unauthenticated remote attacker to view sensitive database query statements, potentially leaking confidential information about the database structure or contents.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can impact you by exposing sensitive SQL queries that reveal internal database operations. This information disclosure can aid attackers in understanding the database schema and crafting further attacks, such as SQL injection or data extraction.

Since the vulnerability requires no privileges or user interaction and can be exploited remotely, it increases the risk of unauthorized access to sensitive backend information.

The impact is rated as moderate with low confidentiality and integrity impact, and no availability impact.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the Hyperterse search tool returns raw SQL queries in its search results. Specifically, versions from 2.0.0 up to but not including 2.2.0 expose these raw SQL statements publicly.'}, {'type': 'paragraph', 'content': 'To detect this on your system, you can perform search queries using the Hyperterse search tool and inspect the returned results for any raw SQL statements.'}, {'type': 'paragraph', 'content': 'Since the vulnerability involves the exposure of raw SQL queries in search results, you might use commands or scripts that query the search API endpoint and parse the response for SQL syntax patterns such as SELECT, INSERT, UPDATE, or DELETE statements.'}, {'type': 'list_item', 'content': 'Use curl or similar tools to query the search endpoint, for example: curl -X POST https://your-hyperterse-instance/api/search -d \'{"query":"your search term"}\''}, {'type': 'list_item', 'content': "Inspect the JSON response for fields containing raw SQL statements, especially any 'statement' fields or unexpected SQL code."}, {'type': 'list_item', 'content': 'Automate detection by scripting a check for SQL keywords in the search results to identify if raw queries are being exposed.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate and recommended mitigation is to upgrade Hyperterse to version 2.2.0 or later, where the vulnerability has been fixed by removing the exposure of raw SQL queries in search results.

If upgrading immediately is not possible, restrict access to the vulnerable Hyperterse search tool to trusted users or internal networks to prevent unauthenticated remote attackers from exploiting the issue.

Monitor and audit search tool responses for any exposure of raw SQL queries and consider disabling or limiting the search functionality temporarily until the patch can be applied.

Useful 0 Not Useful 0