← back
CVE-2025-66336

Apache Doris MCP Server: SQL injection leading the authentication bypass

CVSS 8.1 HIGHEPSS 0.4%CWE-89
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.1EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
22 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymous attacker if authentication is disabled, to bypass SQL security validation and access metadata outside the intended database scope. Affected users are recommended to upgrade to Doris version 0.6.1 or later, which fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N