CVE-2026-44970
Received Received - Intake

dbt-mcp Telemetry Exposure via Unredacted Tool Arguments

Vulnerability report for CVE-2026-44970, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: GitHub, Inc.

Description

dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DefaultUsageTracker.emit_tool_called_event() in src/dbt_mcp/tracking/tracking.py serialized every MCP tool call's complete arguments dictionary and sent it through dbtlabs_vortex.producer.log_proto without redaction, including sql_query from show, vars from run, build, and test, and node_selection from compile, while usage_tracking_enabled in settings.py enabled telemetry by default unless DBT_SEND_ANONYMOUS_USAGE_STATS=false or DO_NOT_TRACK=1 was set. This issue is fixed in version 1.17.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
dbt dbt_mcp 1.17.1
dbt-labs dbt-mcp 1.17.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-44970 is a privacy vulnerability in dbt-mcp where tool arguments, including raw SQL queries and credentials passed via the --vars parameter, are sent to dbt Labs' telemetry service by default without redaction. The issue occurs in the DefaultUsageTracker.emit_tool_called_event() function which serializes all MCP tool call arguments and transmits them verbatim.

Detection Guidance

Check if dbt-mcp version is below 1.17.1 by running: dbt-mcp --version. Inspect network traffic for outbound connections to dbt Labs' telemetry service (dbtlabs_vortex.producer.log_proto). Review logs for transmitted arguments containing SQL queries, vars, or node_selection.

Impact Analysis

This vulnerability may expose sensitive data such as SQL queries containing personally identifiable information or credentials embedded in variables. The data is transmitted to a third-party telemetry service without explicit user consent unless specific environment variables are set to opt out.

Compliance Impact

The vulnerability raises compliance concerns under regulations like GDPR, HIPAA, and SOC 2 due to unintended transmission of sensitive data to a third party without explicit consent. This could violate data protection requirements regarding unauthorized sharing of personal or sensitive information.

Mitigation Strategies

Upgrade dbt-mcp to version 1.17.1 or later. Disable telemetry by setting environment variables: DBT_SEND_ANONYMOUS_USAGE_STATS=false or DO_NOT_TRACK=1. Audit logs for previously exposed sensitive data and rotate any credentials if transmitted.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44970. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart