CVE-2026-5322
Status: Received - Intake
SQL Injection in MCP Handler's Request Function Enables Remote Attack

Publication date: 2026-04-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-04-02
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-04-02
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
1 associated CPE
Vendor: alejandroarciniegas
Product: mcp-data-vis
Version / Range: * (no fixed version is identified; the project uses a rolling release model)
CWE
CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, 'Injection'): The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command, 'SQL Injection'): The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-5322 is a SQL injection vulnerability in the database server component of the mcp-data-vis project (src/servers/database/server.js), reachable through its create_table tool. The tool builds a SQL CREATE TABLE statement by concatenating the caller-supplied schema parameter directly into the SQL string. Because a column list is DDL, it cannot be passed as a bound query parameter the way a WHERE value can; the only safe options are to validate it against a strict grammar or to generate it from structured data, and the tool does neither.

The table_name parameter is validated with a regex that restricts it to a safe pattern, but the schema parameter is inserted verbatim into the statement the database executes. Anyone who can invoke the exposed MCP handler or RPC method create_table can therefore inject arbitrary SQL by crafting the schema value.

For example, the payload "id INTEGER); DROP TABLE users; -- " closes the column list with the leading ")", terminates the intended CREATE TABLE statement with ";", appends a destructive DROP TABLE, and uses the trailing "--" to comment out whatever the template appends after the schema. Whether the appended statement actually runs depends on the database call the server uses: an execution path that runs only the first statement of a string stops the DROP, while a multi-statement path runs it. Even in the first case the attacker still controls the remainder of the table definition (column types, constraints, CHECK expressions), so the injection is real either way.


How can this vulnerability impact me?

This vulnerability can have severe impacts including unauthorized data disclosure, data modification, and data destruction.

  • Confidentiality impact: Attackers can read unauthorized data.
  • Integrity impact: Attackers can modify or delete data and database schema.
  • Availability impact: Attackers can drop tables or corrupt the database, causing service disruption.

The disclosure and destruction outcomes assume the injected statements after the ";" are executed; if the server's database call executes only a single statement, the attacker is limited to shaping the created table, but that still lets untrusted input dictate schema in a database it should not control.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for invocations of the MCP handler or RPC method `create_table` whose `schema` parameter contains SQL metacharacters or statement separators.

One approach is to inspect logs or network traffic for JSON-RPC requests to the MCP server that carry unusual payloads in the `schema` field, such as a ")" that closes the column list early, a ";" statement separator, "--" or "/* */" comment markers, or statement keywords (DROP, DELETE, ALTER, UNION) that have no place in a column definition.

Which data source is available depends on the transport. An MCP server that a client launches over stdio has no network port to capture; its requests are only visible in application or host-level logging, or in the client's own tool-call log. Packet capture applies only when the server is exposed over an HTTP-based transport.

  • For a network-exposed server, use tcpdump or Wireshark to capture traffic on the MCP server's port and filter for JSON-RPC requests whose `method` is `tools/call` and whose tool name is `create_table`.
  • Use grep or similar tools on server logs to search for suspicious `schema` parameters, e.g., `grep -i 'create_table' /path/to/logs | grep -E 'DROP|;|--'`. Expect false positives from legitimate schemas that contain a ";" or "--" inside a string literal; review hits by hand.
  • Implement application-level logging that records every `create_table` call with its full arguments, and review the `schema` values for unexpected SQL syntax.
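The following is an added example, not code from the mcp-data-vis project, that applies the log-review approach above to a constructed log of JSON-RPC tool calls. The request shape (`tools/call` with a `create_table` tool taking `table_name` and `schema` arguments) and the log format (one JSON object per line) are assumptions about what the server would record; the indicator list is the set of metacharacters and keywords discussed above, plus a check for a closing parenthesis with no opener, which is what the published payload relies on.

```javascript
// Added example: scan a line-per-request JSON-RPC log for create_table calls whose
// `schema` argument carries SQL statement separators, comment markers, or statement
// keywords. SAMPLE_LOG is constructed for this example; the method/tool/argument
// names are assumptions about the server's request format.

const SAMPLE_LOG = [
  '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"create_table","arguments":{"table_name":"sales","schema":"id INTEGER PRIMARY KEY, amount REAL"}}}',
  '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"create_table","arguments":{"table_name":"tmp","schema":"id INTEGER); DROP TABLE users; -- "}}}',
  '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"query","arguments":{"sql":"SELECT 1"}}}',
  'not json at all',
  '{"jsonrpc":"2.0","id":4,"method":"tools/call","params":{"name":"create_table","arguments":{"table_name":"x","schema":"name TEXT /* c */, v TEXT"}}}',
];

// Each indicator is either a regex or a predicate over the raw schema string.
const INDICATORS = [
  { name: 'statement-separator', re: /;/ },
  { name: 'line-comment', re: /--/ },
  { name: 'block-comment', re: /\/\*|\*\// },
  { name: 'dangerous-keyword', re: /\b(DROP|DELETE|UPDATE|INSERT|ALTER|ATTACH|PRAGMA|UNION|EXEC)\b/i },
  // More ")" than "(" means the column list was closed early, as in the published payload.
  { name: 'unbalanced-paren', test: (s) => (s.match(/\(/g) || []).length < (s.match(/\)/g) || []).length },
];

// Return the names of every indicator that fires on one schema value.
function classifySchema(schema) {
  const hits = [];
  for (const ind of INDICATORS) {
    const matched = ind.re ? ind.re.test(schema) : ind.test(schema);
    if (matched) hits.push(ind.name);
  }
  return hits;
}

// Walk the log; skip non-JSON lines and anything that is not a create_table call.
function scanLog(lines) {
  const findings = [];
  lines.forEach((line, idx) => {
    let msg;
    try { msg = JSON.parse(line); } catch { return; }
    if (!msg || typeof msg !== 'object') return;
    if (msg.method !== 'tools/call' || msg.params?.name !== 'create_table') return;
    const schema = msg.params.arguments?.schema;
    if (typeof schema !== 'string') return;
    const hits = classifySchema(schema);
    if (hits.length) findings.push({ line: idx + 1, id: msg.id, schema, hits });
  });
  return findings;
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of scanLog(SAMPLE_LOG)) {
    console.log(`line ${f.line} (id ${f.id}): ${f.hits.join(', ')} -> ${JSON.stringify(f.schema)}`);
  }
}
```

Run against a real log, the scanner should be fed the server's own request records; the `dangerous-keyword` and `statement-separator` checks will also fire on benign schemas that embed such text in a string literal, so treat hits as triage candidates rather than confirmed attacks.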

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the MCP database server component to trusted users and trusted transports only: do not expose it on a network interface that untrusted clients or agents can reach, and treat any MCP client that can be steered by untrusted content (for example an LLM agent reading attacker-supplied documents) as untrusted.

Remove or disable support for raw caller-supplied schema fragments in the `create_table` method so that no SQL text from the request reaches the statement.

Replace free-form schema input with a strict, validated, structured schema definition on the server side (column names matched against an identifier pattern, types and constraints taken from an allow-list), rejecting any metacharacters or SQL statement separators in user inputs.

Avoid direct string interpolation of user input into SQL statements. Parameter binding cannot carry identifiers or type names in DDL, so convert the constrained declarative schema into SQL through trusted server logic that emits only allow-listed tokens and quotes identifiers.

Add regression tests that feed the published payload and similar inputs to the handler and assert that they are rejected rather than changing the structure of the generated SQL.
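As an added example that is not the project's code, the vulnerable construction described on this page is shown next to a hardened handler of the kind the mitigation steps above call for. The table-name pattern, the `columns[]` argument shape, the allow-lists of types and constraints, and the use of standard double-quoted identifiers (honoured by SQLite and PostgreSQL) are all assumptions made for this example; the real server's regex and database are not given on the page.

```javascript
// Added example (not mcp-data-vis code): a create_table builder that interpolates a
// caller-supplied schema string, beside a hardened version that accepts a structured
// column list and emits SQL only from allow-listed tokens. IDENT and the argument
// shape are assumptions for this example.

const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;

// VULNERABLE: table_name is checked, schema is not, so a schema of
// "id INTEGER); DROP TABLE users; -- " yields a second, attacker-chosen statement.
function buildCreateTableUnsafe(tableName, schema) {
  if (!IDENT.test(tableName)) throw new Error('invalid table name');
  return `CREATE TABLE ${tableName} (${schema})`;
}

// HARDENED: callers describe columns as data; no SQL text from the request is copied.
const ALLOWED_TYPES = new Set(['INTEGER', 'REAL', 'TEXT', 'BLOB', 'BOOLEAN', 'DATE']);
const ALLOWED_CONSTRAINTS = new Set(['PRIMARY KEY', 'NOT NULL', 'UNIQUE']);
const MAX_COLUMNS = 64;

function buildCreateTableSafe(tableName, columns) {
  if (typeof tableName !== 'string' || !IDENT.test(tableName)) throw new Error('invalid table name');
  if (!Array.isArray(columns) || columns.length === 0 || columns.length > MAX_COLUMNS) {
    throw new Error('columns must be a non-empty array');
  }
  const seen = new Set();
  const defs = columns.map((col) => {
    if (typeof col !== 'object' || col === null) throw new Error('column must be an object');
    const { name, type, constraints = [] } = col;
    if (typeof name !== 'string' || !IDENT.test(name)) throw new Error(`invalid column name: ${String(name)}`);
    if (seen.has(name.toLowerCase())) throw new Error(`duplicate column: ${name}`);
    seen.add(name.toLowerCase());
    const t = String(type).toUpperCase();
    if (!ALLOWED_TYPES.has(t)) throw new Error(`type not allowed: ${String(type)}`);
    if (!Array.isArray(constraints)) throw new Error('constraints must be an array');
    const cs = constraints.map((c) => {
      const u = String(c).toUpperCase();
      if (!ALLOWED_CONSTRAINTS.has(u)) throw new Error(`constraint not allowed: ${String(c)}`);
      return u;
    });
    // Identifiers are double-quoted so a valid name can never be read as a keyword.
    return [`"${name}"`, t, ...cs].join(' ');
  });
  return `CREATE TABLE "${tableName}" (${defs.join(', ')})`;
}

// Tool-handler shape (assumed): takes the JSON arguments and refuses the free-form field outright,
// so an old client sending `schema` gets a clear error instead of silent acceptance.
function handleCreateTable(args) {
  if (args === null || typeof args !== 'object') throw new Error('arguments must be an object');
  if ('schema' in args) throw new Error('free-form schema is not accepted; pass columns[]');
  return buildCreateTableSafe(args.table_name, args.columns);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(buildCreateTableUnsafe('tmp', 'id INTEGER); DROP TABLE users; -- '));
  console.log(handleCreateTable({
    table_name: 'sales',
    columns: [
      { name: 'id', type: 'integer', constraints: ['primary key'] },
      { name: 'amount', type: 'real', constraints: ['not null'] },
    ],
  }));
}
```

The hardened builder never copies request text into the statement: names must match `IDENT`, types and constraints are replaced by their canonical allow-listed spelling, and every identifier is quoted. Extending it (CHECK expressions, foreign keys, default values) means adding further structured fields with their own validation, not reopening a free-form string.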


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The SQL Injection vulnerability in the mcp-data-vis project can lead to unauthorized access, modification, or deletion of sensitive data stored in the database. This compromises the confidentiality, integrity, and availability of data.

Such a compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and data breaches.

Specifically, the vulnerability allows attackers to read unauthorized data, modify or delete data and schema, and potentially disrupt service availability, all of which are critical concerns under these regulations.

