VYPR
Moderate severity · NVD Advisory · Published Mar 12, 2026 · Updated Mar 12, 2026

Raw exposure of database statements in Hyperterse MCP search tool

CVE-2026-31841

Description

Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Its search tool allows LLMs to search for tools using natural language. Prior to v2.2.0, the search results also included the raw SQL queries, exposing statements that were supposed to be executed under the hood and protected from being displayed publicly. This issue has been fixed as of v2.2.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Hyperterse MCP framework prior to v2.2.0 exposed raw SQL queries in the search tool results, leaking internal statements.

CVE-2026-31841 describes an information disclosure vulnerability in Hyperterse, a tool-first MCP framework. The search tool, designed to allow LLMs to find tools using natural language, inadvertently returned the raw SQL queries that were supposed to be executed under the hood [1]. This exposure meant that database statements, which should have been protected from public display, were included in the search results.

To exploit this vulnerability, an attacker would need to interact with the Hyperterse service's MCP search endpoint. By crafting natural language queries, they could trigger the search functionality and receive the underlying SQL statements in the response. No special privileges or authentication bypass is required if the search tool is exposed to LLMs or users [4].

The impact is the leakage of sensitive database queries, which might reveal table names, column names, and potentially business logic or data access patterns. This could aid an attacker in further exploiting the database or gaining intelligence about the application's internals [1].

The vulnerability has been addressed in Hyperterse version 2.2.0. The fix ensures that the search results no longer include the 'statement' field; instead, clients should rely on other metadata such as 'name', 'description', 'relevance_score', and 'inputs' [3]. Users are advised to update to v2.2.0 or later to mitigate the issue.
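
A regression check for the fix described above, as an added example that is not Hyperterse's own code: it builds each search hit from an allowlist of the four fields named here and scans a response for any `statement` key or SQL-looking string. The response shape, the function names and the sample data are assumptions constructed for illustration.

```javascript
// Added example. Field names are from the advisory; the response shape and
// sample data are constructed for illustration, not Hyperterse's own.
const ALLOWED_FIELDS = ['name', 'description', 'relevance_score', 'inputs'];
// Heuristic for SQL text that should not appear in tool-discovery output.
const SQL_LIKE = /\b(select\s[\s\S]+?\sfrom|insert\s+into|update\s+\w+\s+set|delete\s+from)\b/i;

// Server side: build each search hit from an allowlist, so an internal field
// such as `statement` is dropped by default rather than serialized.
function toPublicResult(tool) {
  const out = {};
  for (const key of ALLOWED_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(tool, key)) out[key] = tool[key];
  }
  return out;
}

// Test or monitoring side: walk a response and report every `statement` key
// and every SQL-looking string, including JSON carried inside a text value.
function findStatementLeaks(value, path = '$', findings = []) {
  if (typeof value === 'string') {
    let parsed;
    try { parsed = /^\s*[\[{]/.test(value) ? JSON.parse(value) : undefined; } catch { parsed = undefined; }
    if (parsed !== undefined) findStatementLeaks(parsed, `${path}<json>`, findings);
    else if (SQL_LIKE.test(value)) findings.push({ path, reason: 'sql-like string' });
  } else if (Array.isArray(value)) {
    value.forEach((item, i) => findStatementLeaks(item, `${path}[${i}]`, findings));
  } else if (value !== null && typeof value === 'object') {
    for (const [key, child] of Object.entries(value)) {
      if (key === 'statement') findings.push({ path: `${path}.${key}`, reason: 'statement field' });
      else findStatementLeaks(child, `${path}.${key}`, findings);
    }
  }
  return findings;
}

// Constructed response in the pre-2.2.0 style described above.
const sampleResponse = {
  results: [
    { name: 'get-user', description: 'Look up a user by id', relevance_score: 0.92,
      inputs: [{ name: 'id', type: 'int' }],
      statement: 'SELECT id, email FROM users WHERE id = ?' },
    { name: 'list-orders', description: 'List recent orders for a customer', relevance_score: 0.41,
      inputs: [{ name: 'customer_id', type: 'int' }],
      statement: 'SELECT * FROM orders WHERE customer_id = ?' },
  ],
};
const cleanedResponse = { results: sampleResponse.results.map(toPublicResult) };
console.log(findStatementLeaks(sampleResponse), findStatementLeaks(cleanedResponse));
```

Running `findStatementLeaks` against recorded search responses in CI catches a reintroduced `statement` field even when it is nested or serialized as JSON inside a text value.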

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| hyperterse (npm) | >= 2.0.0, < 2.2.0 | 2.2.0 |

References

4
