VYPR
High severity · 7.3 · NVD Advisory · Published Apr 28, 2026 · Updated Apr 29, 2026

CVE-2026-7206

Description

A security flaw has been discovered in dubydu sqlite-mcp up to version 0.1.0. The affected element is the function extract_to_json in the file src/entry.py. Manipulation of the argument output_filename results in SQL injection. Remote exploitation is possible. The exploit has been released to the public and may be used for attacks. The patch is identified as a5580cb992f4f6c308c9ffe6442b2e76709db548. Applying the patch is the recommended action to fix this issue.
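The two defects the advisory names, a caller-controlled output filename used as a filesystem path and a table name interpolated into SQL, share one defensive pattern: validate the untrusted value against an allow-list, reject anything else, and only then let it reach the filesystem or the database. The following is an added example written for this page, not code from sqlite-mcp or its fix commit; `safe_output_path`, `validate_table_name`, `extract_rows` and `demo` are hypothetical names, and the users table and temporary export directory are constructed inputs.

```python
import json
import os
import re
import sqlite3
import tempfile

# Hypothetical helpers for this page (not sqlite-mcp's own code). Two checks:
# keep a caller-supplied file name inside a fixed export directory, and let only
# a validated identifier reach a SQL statement.

_IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def safe_output_path(base_dir: str, filename: str, suffix: str = ".json") -> str:
    """Return base_dir/filename(.suffix), raising ValueError if it could escape base_dir.

    Rejects instead of rewriting: a name with directory components is an error
    the caller should see, not something to strip silently.
    """
    if not filename:
        raise ValueError("filename is required")
    if os.path.basename(filename) != filename or filename in (".", ".."):
        raise ValueError("filename must be a bare file name")
    if not filename.endswith(suffix):
        filename += suffix
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, filename))
    # realpath follows symlinks, so a link inside base_dir that points elsewhere is caught too.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("resolved path escapes the export directory")
    return candidate


def validate_table_name(conn: sqlite3.Connection, table_name: str) -> str:
    """Accept table_name only if it is a plain identifier present in the schema; return it quoted."""
    if not _IDENT_RE.match(table_name):
        raise ValueError("invalid table name")
    # The candidate name is bound as a parameter; only the schema's own value is interpolated later.
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?", (table_name,)
    ).fetchone()
    if row is None:
        raise ValueError("unknown table")
    # Standard double-quote identifier quoting; the regex already rules out quotes and whitespace.
    return f'"{row[0]}"'


def extract_rows(conn, table_name, base_dir, output_filename):
    """Export one table to JSON under base_dir. Returns (path_written, row_count)."""
    ident = validate_table_name(conn, table_name)
    path = safe_output_path(base_dir, output_filename)
    rows = [dict(r) for r in conn.execute(f"SELECT * FROM {ident}")]
    with open(path, "w") as f:
        json.dump(rows, f, indent=4)
    return path, len(rows)


def demo() -> dict:
    """Constructed scenario: an in-memory users table exported into a temporary directory."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    with tempfile.TemporaryDirectory() as base:
        path, count = extract_rows(conn, "users", base, "users_export")
        written = os.path.isfile(path) and path.startswith(os.path.realpath(base))
        attempts = [
            ("users", "../outside"),            # directory component
            ("users", "/tmp/absolute.json"),    # absolute path
            ("users; DROP TABLE users", "ok"),  # not an identifier
            ("nosuchtable", "ok"),              # identifier, but not in the schema
        ]
        rejected = 0
        for table, name in attempts:
            try:
                extract_rows(conn, table, base, name)
            except ValueError:
                rejected += 1
    return {"rows": count, "written": written, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

Rejecting rather than rewriting (no `os.path.basename` cleanup) means a client that sends `../x` gets an error instead of a file under a name it did not ask for; `os.path.realpath` with `os.path.commonpath` also catches a symlink inside the export directory that a plain `abspath().startswith()` comparison would miss; and checking the name against `sqlite_master` keeps the identifier check precise without relying on quoting alone.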

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: sqlite-mcp (PyPI)
Affected versions: <= 0.1.0
Patched versions: (not listed)

Patches

1 patch: a5580cb992f4

fix: patch path traversal vulnerability in extract_to_json and backup_database

https://github.com/dubydu/sqlite-mcp · Doo Bui · Apr 10, 2026 · via ghsa
1 file changed · +29 −5
  • src/entry.py · +29 −5 · modified
    @@ -470,9 +470,17 @@ def backup_database(backup_filename: str = None) -> Dict[str, Any]:
             elif not backup_filename.endswith(".db"):
                 backup_filename = f"{backup_filename}.db"
                 
    +        # Sanitize: strip any directory components to prevent path traversal
    +        backup_filename = os.path.basename(backup_filename)
    +
             # Create the full destination path
             destination_path = os.path.join(db_dir, backup_filename)
    -        
    +
    +        # Validate the resolved path stays within the database directory
    +        if not os.path.abspath(destination_path).startswith(os.path.abspath(db_dir) + os.sep) and \
    +           os.path.abspath(destination_path) != os.path.abspath(db_dir):
    +            return {"success": False, "error": "Invalid backup filename: path traversal not allowed"}
    +
             # Make sure we're not overwriting the original database
             if os.path.abspath(destination_path) == os.path.abspath(DB_NAME):
                 return {"success": False, "error": "Backup filename cannot be the same as the original database"}
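Review bot: the containment check added after `destination_path = os.path.join(db_dir, backup_filename)` can no longer fail, because the preceding `backup_filename = os.path.basename(backup_filename)` has already removed every directory component; either drop the check or, better, replace the silent rewrite with a rejection (`if os.path.basename(backup_filename) != backup_filename: return {"success": False, "error": ...}`) so a caller who passes `../x.db` gets an error rather than a backup written under a name it did not request. If the check stays, `os.path.realpath` is the stronger choice over `os.path.abspath`, since abspath does not resolve symlinks that may exist inside `db_dir`.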
    @@ -519,28 +527,44 @@ def extract_to_json(table_name: str, output_filename: str = None) -> Dict[str, A
             Dict[str, Any]: A dictionary indicating success/failure and containing a result message or error.
         """
         try:
    +        # Validate table_name to prevent SQL injection
    +        if not table_name.isidentifier():
    +            return {"success": False, "error": "Invalid table name"}
    +
    +        # Anchor exports to the database directory
    +        export_dir = os.path.dirname(DB_NAME)
    +
             # Generate output filename if not provided
             if not output_filename:
                 timestamp = time.strftime("%Y%m%d_%H%M%S")
                 output_filename = f"{table_name}_data_{timestamp}.json"
             elif not output_filename.endswith(".json"):
                 output_filename = f"{output_filename}.json"
     
    -        # Query all data from the table
    -        query = f"SELECT * FROM {table_name};"
    +        # Sanitize: strip any directory components to prevent path traversal
    +        output_filename = os.path.basename(output_filename)
    +
    +        # Build the full path and validate it stays within the export directory
    +        output_path = os.path.join(export_dir, output_filename)
    +        if not os.path.abspath(output_path).startswith(os.path.abspath(export_dir) + os.sep) and \
    +           os.path.abspath(output_path) != os.path.abspath(export_dir):
    +            return {"success": False, "error": "Invalid output filename: path traversal not allowed"}
    +
    +        # Query all data from the table using parameterized identifier
    +        query = f"SELECT * FROM [{table_name}];"
             result = execute_query(query)
     
             if not result["success"]:
                 return result
     
             # Write data to JSON file
             data = result.get("results", [])
    -        with open(output_filename, "w") as json_file:
    +        with open(output_path, "w") as json_file:
                 json.dump(data, json_file, indent=4)
     
             return {
                 "success": True,
    -            "message": f"Data from table '{table_name}' successfully extracted to {output_filename}"
    +            "message": f"Data from table '{table_name}' successfully extracted to {output_path}"
             }
         except Exception as e:
             return {"success": False, "error": f"Error extracting data to JSON: {str(e)}"}
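Review bot: the comment `# Query all data from the table using parameterized identifier` above `query = f"SELECT * FROM [{table_name}];"` is inaccurate: identifiers cannot be bound as parameters, and `[...]` is SQLite's bracket quoting, which is only safe here because `table_name.isidentifier()` has already excluded `]` and whitespace; state that dependency explicitly so a later edit does not loosen one without the other. `isidentifier()` also rejects table names SQLite accepts (those with spaces, hyphens or dots), so the validation narrows the tool's behaviour; checking the name against `sqlite_master` would be both more permissive and more precise. As in `backup_database`, the `startswith` containment check after `os.path.basename(output_filename)` is unreachable, and unlike `backup_database` there is no guard against clobbering an existing file in `export_dir`, since `open(output_path, "w")` truncates silently.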
    

