CVE-2026-31841
Information Disclosure via Raw SQL Query Exposure in Hyperterse Search Tool
Publication date: 2026-03-12
Last updated on: 2026-03-19
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hyperterse | hyperterse | to 2.2.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-433 | The product stores raw content or supporting code under the web document root with an extension that is not specifically handled by the server. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-31841 is a moderate severity vulnerability in the Hyperterse MCP search tool versions 2.0.0 up to but not including 2.2.0. The search tool allows large language models (LLMs) to find tools using natural language queries. However, due to this vulnerability, the tool inadvertently exposed raw SQL database queries in its search results. These SQL statements were meant to be executed internally and kept hidden from users, but were instead revealed publicly.
This exposure could allow an unauthenticated remote attacker to view sensitive database query statements, potentially leaking confidential information about the database structure or contents.
How can this vulnerability impact me? :
The vulnerability can impact you by exposing sensitive SQL queries that reveal internal database operations. This information disclosure can aid attackers in understanding the database schema and crafting further attacks, such as SQL injection or data extraction.
Since the vulnerability requires no privileges or user interaction and can be exploited remotely, it increases the risk of unauthorized access to sensitive backend information.
The impact is rated as moderate with low confidentiality and integrity impact, and no availability impact.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the Hyperterse search tool returns raw SQL queries in its search results. Specifically, versions from 2.0.0 up to but not including 2.2.0 expose these raw SQL statements publicly.'}, {'type': 'paragraph', 'content': 'To detect this on your system, you can perform search queries using the Hyperterse search tool and inspect the returned results for any raw SQL statements.'}, {'type': 'paragraph', 'content': 'Since the vulnerability involves the exposure of raw SQL queries in search results, you might use commands or scripts that query the search API endpoint and parse the response for SQL syntax patterns such as SELECT, INSERT, UPDATE, or DELETE statements.'}, {'type': 'list_item', 'content': 'Use curl or similar tools to query the search endpoint, for example: curl -X POST https://your-hyperterse-instance/api/search -d \'{"query":"your search term"}\''}, {'type': 'list_item', 'content': "Inspect the JSON response for fields containing raw SQL statements, especially any 'statement' fields or unexpected SQL code."}, {'type': 'list_item', 'content': 'Automate detection by scripting a check for SQL keywords in the search results to identify if raw queries are being exposed.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation is to upgrade Hyperterse to version 2.2.0 or later, where the vulnerability has been fixed by removing the exposure of raw SQL queries in search results.
If upgrading immediately is not possible, restrict access to the vulnerable Hyperterse search tool to trusted users or internal networks to prevent unauthenticated remote attackers from exploiting the issue.
Monitor and audit search tool responses for any exposure of raw SQL queries and consider disabling or limiting the search functionality temporarily until the patch can be applied.