CVE-2026-11529

Source
https://cve.org/CVERecord?id=CVE-2026-11529
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11529.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-11529
Published
2026-06-08T15:30:11.964Z
Modified
2026-07-08T07:59:45.422102381Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
designcomputer mysql-mcp-server mysql URI server.py read_resource sql injection
Details

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function readresource of the file src/mysqlmcpserver/server.py of the component mysql URI Handler. This manipulation of the argument uristr causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.3.0 is sufficient to resolve this issue. Patch name: 080bef9a96d625ce0dfbde573a08b93497871981. Upgrading the affected component is advised.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/11xxx/CVE-2026-11529.json",
    "cwe_ids": [
        "CWE-74",
        "CWE-89"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/designcomputer/mysql_mcp_server

Affected ranges

Type
GIT
Repo
https://github.com/designcomputer/mysql_mcp_server
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0.2.0"
        },
        {
            "last_affected": "0.2.0"
        },
        {
            "introduced": "0.2.1"
        },
        {
            "last_affected": "0.2.1"
        },
        {
            "introduced": "0.2.2"
        },
        {
            "last_affected": "0.2.2"
        }
    ]
}

Affected versions

0.*
0.2.0
0.2.1
0.2.2
v0.*
v0.2.0
v0.2.1
v0.2.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-11529.json"