MEDIUM 6.3

CVE-2026-11529: SQL Injection in mysql-mcp-server — Upgrade to 0.3.0

A SQL injection vulnerability exists in the mysql-mcp-server component (versions up to 0.2.2) that allows authenticated users to execute arbitrary SQL commands by manipulating URI parameters. An attacker with valid credentials can read, modify, or delete database records. The vulnerability has been publicly disclosed, increasing immediate risk. Upgrading to version 0.3.0 eliminates the issue.

Source data · NVD / CISA · public domain

CVSS
3.1 · 6.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Weaknesses (CWE)
CWE-74, CWE-89
Affected products
0 configuration(s)
Published / Modified
2026-06-08 / 2026-06-17

NVD description (verbatim)

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI Handler. This manipulation of the argument uri_str causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.3.0 is sufficient to resolve this issue. Patch name: 080bef9a96d625ce0dfbde573a08b93497871981. Upgrading the affected component is advised.

8 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The read_resource function in src/mysql_mcp_server/server.py fails to properly sanitize the uri_str argument before passing it to SQL operations. This classic SQL injection flaw (CWE-89) allows an authenticated attacker to inject malicious SQL syntax and execute unauthorized queries against the underlying MySQL database. The vulnerability is rooted in improper input validation (CWE-74) of user-controlled URI strings. Exploitation requires valid authentication credentials but no elevated privileges.

Business impact

Organizations using mysql-mcp-server are exposed to data exfiltration, unauthorized modification, and potential denial of service of critical database assets. The authenticated requirement limits blast radius to insider threats and compromised service accounts. However, if this component handles sensitive data (financial records, customer information, credentials), the impact could be severe. Unpatched systems face reputational damage and compliance violations if breaches occur.

Affected systems

designcomputer mysql-mcp-server versions 0.2.2 and earlier are affected. Version 0.3.0 and later contain the fix. Organizations should audit deployments to identify all instances of this component, including embedded or indirect dependencies in larger applications and services.

Exploitability

The vulnerability is exploitable by any user with valid authentication to the application. Public disclosure of the vulnerability means exploit techniques are likely documented or demonstrated. No sophisticated tooling is required—basic SQL injection payloads adapted to the URI parameter can trigger the flaw. The attack surface is moderate because exploitation requires prior authentication, but the low complexity of the attack increases likelihood of exploitation once discovered by threat actors.

Remediation

Immediately upgrade mysql-mcp-server to version 0.3.0 or later. Apply patch 080bef9a96d625ce0dfbde573a08b93497871981 if version upgrades are not immediately feasible. After patching, audit database logs for suspicious SQL activity dating back to deployment to detect prior exploitation. Reset or rotate credentials for service accounts that interact with the affected component.

Patch guidance

Verify that your deployment is running designcomputer mysql-mcp-server 0.3.0 or later using version reporting tools or dependency manifests. Test the upgrade in a staging environment to ensure compatibility with dependent applications. If internal patches are applied instead of upgrading, confirm that patch 080bef9a96d625ce0dfbde573a08b93497871981 is present in your codebase. Schedule patching within 30 days given the public disclosure and CVSS 6.3 severity.

Detection guidance

Monitor MySQL query logs for unusual SQL syntax in parameters originating from the mysql-mcp-server component—look for UNION, SELECT, OR 1=1, and other injection indicators. Track failed authentication attempts and subsequent successful queries from service accounts. Network detection should flag unexpected database connections or bulk data transfers from the affected service. Implement input validation alerts on URI parameters in application logs if available.

Why prioritize this

This vulnerability merits near-term attention despite MEDIUM severity (6.3 CVSS) because it combines authenticated SQL injection with public disclosure. The low attack complexity and authenticated-but-not-privileged requirement mean existing user accounts or compromised credentials pose immediate risk. Organizations dependent on database integrity should prioritize this above lower-complexity, lower-impact issues. However, it ranks below critical data-theft or unauthenticated RCE vulnerabilities.

Risk score, explained

CVSS 6.3 reflects a MEDIUM-severity issue: the network-accessible attack vector (AV:N) and low attack complexity (AC:L) increase score, but the requirement for prior login (PR:L) and lack of scope escalation (S:U) prevent a higher rating. The impact is partial across confidentiality, integrity, and availability (C:L, I:L, A:L), consistent with SQL injection that does not automatically compromise the entire system but allows data manipulation by an authenticated user. This score appropriately captures the moderate but meaningful risk posed by the flaw.

Frequently asked questions

Do we need to upgrade if our mysql-mcp-server instance is internal and not exposed to the internet?

Yes. The CVSS vector indicates network accessibility, but 'internal' does not eliminate risk from insider threats, lateral movement after other compromises, or if any user account is shared or compromised. Additionally, if the service is called by other applications that are internet-facing, the attack surface extends. Upgrade regardless of network topology.

What should we check in our logs to see if this vulnerability was exploited?

Query the MySQL database logs and application logs from the mysql-mcp-server for timestamps between deployment and patching. Look for: (1) unusual SQL syntax in URI parameters (UNION, OR, comment characters), (2) queries that differ from the service's normal data access patterns, (3) multiple failed queries followed by a successful one (sign of injection testing), and (4) access to tables or columns the service should not normally read. Correlate with any unauthorized data access incidents during this window.

Is there a workaround if we cannot upgrade immediately?

A robust temporary mitigation is to restrict database permissions for the service account running mysql-mcp-server to only the tables and operations it requires (principle of least privilege). Use MySQL GRANT statements to deny SELECT/INSERT/UPDATE/DELETE on sensitive tables. This does not fix the injection but limits damage. Additionally, implement database-level query monitoring and alerting. However, these are not substitutes for patching—prioritize the upgrade.

Does this vulnerability appear on the CISA Known Exploited Vulnerabilities (KEV) list?

No, this vulnerability is not currently listed on the CISA KEV catalog. However, public disclosure and the low attack complexity mean it should be treated with urgency. KEV status does not determine urgency; prioritize based on exposure, data sensitivity, and exploitability.

This analysis is based on the CVE record and vendor advisory as of the publication date. Vulnerability details, patch availability, and affected versions may evolve; verify against the official designcomputer advisory and your software bill of materials (SBOM) before taking action. SQL injection is context-dependent; actual impact depends on database schema, service privileges, and data sensitivity in your environment. No exploit code or weaponized PoC is provided herein. SEC.co makes no warranty regarding the completeness or timeliness of this information. Source: NVD (public-domain), retrieved 2026-07-15. Analysis generated by SEC.co (claude-haiku-4-5).