CVE-2026-7591
SQL Injection in astro-mcp-server via MCP Tool Query
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| timbroddin | astro-mcp-server | to 1.1.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw in the TimBroddin astro-mcp-server up to version 1.1.1. It exists in an unknown function within the file src/index.ts, specifically in the MCP Tool Query Construction component. The flaw allows an attacker to manipulate the argument request.params.arguments, which leads to a SQL injection vulnerability. This means that an attacker can inject malicious SQL code through this parameter.
The attack can be initiated remotely, and the exploit code has already been made public. The project maintainers were informed early but have not yet responded to the issue.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to perform SQL injection attacks remotely. Such attacks can lead to unauthorized access to the database, data leakage, data modification, or even deletion of data. It can compromise the integrity, confidentiality, and availability of the affected system's data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The SQL injection vulnerability in astro-mcp-server allows an attacker to extract arbitrary data from the local Astro ASO database, leading to high confidentiality risks due to potential data disclosure.
Such unauthorized data access and potential data breaches can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.
The vulnerability's ability to expose confidential data could result in violations of these standards, potentially leading to legal and regulatory consequences if sensitive data is compromised.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This SQL injection vulnerability can be detected by crafting malicious requests that include SQL metacharacters in parameters such as 'keyword' and observing if the server returns injected data, like the SQLite version, in the response.
Detection was performed using static analysis and dynamic testing with a tool called MCP Inspector.
A practical approach to detection is to send a request to the MCP server's interface with a parameter containing SQL injection payloads and check if the response includes unexpected data or errors indicating SQL injection.
- Example command (using curl) to test injection in the 'keyword' parameter:
- curl -G 'http://<astro-mcp-server-address>/search_rankings' --data-urlencode "keyword=' OR 1=1--"
- If the response contains data that should not be accessible or SQLite version info, it indicates the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the astro-mcp-server to trusted users only and avoiding exposing the MCP server to untrusted networks.
Do not run the server against sensitive databases until a fix is applied.
The recommended long-term fix involves replacing unsafe string interpolation in SQL queries with prepared statements, validating input parameters to reject SQL metacharacters, and adding regression tests to ensure inputs are treated as data.