CVE-2026-5322
Received Received - Intake
SQL Injection in MCP Handler's Request Function Enables Remote Attack

Publication date: 2026-04-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5322
EUVD
EUVD-2026-18126
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
alejandroarciniegas mcp-data-vis *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-5322 is a critical SQL Injection vulnerability in the mcp-data-vis project's database server component, specifically in the create_table tool. The vulnerability occurs because the tool constructs a SQL CREATE TABLE statement by directly embedding an attacker-controlled schema parameter into the SQL string without proper sanitization or parameterization.

While the table_name parameter is validated with a regex to ensure it matches a safe pattern, the schema parameter is inserted verbatim into the SQL statement executed by the database. This allows an attacker who can invoke the exposed MCP handler or RPC method create_table to inject arbitrary SQL commands by crafting malicious schema input.

For example, an attacker could use a payload like "id INTEGER); DROP TABLE users; -- " to terminate the intended CREATE TABLE statement and append a destructive DROP TABLE command, leading to unauthorized data access or destruction.

Impact Analysis

This vulnerability can have severe impacts including unauthorized data disclosure, data modification, and data destruction.

  • Confidentiality impact: Attackers can read unauthorized data.
  • Integrity impact: Attackers can modify or delete data and database schema.
  • Availability impact: Attackers can drop tables or corrupt the database, causing service disruption.
Detection Guidance

This vulnerability can be detected by monitoring for attempts to invoke the MCP handler or RPC method `create_table` with suspicious or malformed `schema` parameters that include SQL metacharacters or statement separators.

One approach is to inspect logs or network traffic for JSON-RPC requests targeting the MCP server that contain unusual payloads in the `schema` field, such as SQL commands appended to the intended schema definition.

Example commands to detect such attempts might include using network packet capture tools or log analysis with pattern matching for SQL injection indicators.

  • Use tcpdump or Wireshark to capture traffic on the MCP server port and filter for JSON-RPC requests containing the `create_table` method.
  • Use grep or similar tools on server logs to search for suspicious `schema` parameters, e.g., `grep -i 'create_table' /path/to/logs | grep -E 'DROP|;|--'`.
  • Implement application-level logging to record all `create_table` calls and review inputs for unexpected SQL syntax.
Mitigation Strategies

Immediate mitigation steps include restricting access to the MCP database server component to trusted users and trusted network transports only.

Remove or disable support for raw attacker-supplied schema fragments in the `create_table` method to prevent direct injection of SQL commands.

Replace free-form schema input with a strict, validated, and structured schema definition on the server side, rejecting any metacharacters or SQL statement separators in user inputs.

Avoid direct string interpolation of user input into SQL statements; instead, convert constrained declarative schema formats into SQL via trusted logic.

Add regression tests to ensure that attacker input cannot alter SQL structure or execute unintended commands.

Compliance Impact

The SQL Injection vulnerability in the mcp-data-vis project can lead to unauthorized access, modification, or deletion of sensitive data stored in the database. This compromises the confidentiality, integrity, and availability of data.

Such a compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and data breaches.

Specifically, the vulnerability allows attackers to read unauthorized data, modify or delete data and schema, and potentially disrupt service availability, all of which are critical concerns under these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5322. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart