CVE-2025-66336 | Apache Doris MCP Server contains a SQL injection vulnerabili…

Description

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymous attacker if authentication is disabled, to bypass SQL security validation and access metadata outside the intended database scope. Affected users are recommended to upgrade to Doris version 0.6.1 or later, which fixes the issue.

Metadata

CVE ID: CVE-2025-66336
State: PUBLISHED
Assigner: apache
Reserved: 2025-11-27 03:24 UTC
Published: 2026-06-22 06:55 UTC
Last updated: 2026-06-22 07:58 UTC
Primary CWE: CWE-89
CWE-89 Improper Neutralization of Special Elements used in a…
Vendor / Product: Apache Software Foundation / Apache Doris MCP Server
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (1)

Vendor	Product	Platform	Versions
Apache Software Foundation	Apache Doris MCP Server	—	0.1.0 < 0.6.1

Weakness (CWE)

CWE	Source	Description
CWE-89	cna	CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

References (1)

https://lists.apache.org/thread/4l4v3m7ofwrgp4s4s98pjb5l03fcrzo2