VYPR
Medium severity 6.3 · NVD Advisory · Published May 1, 2026 · Updated May 1, 2026

CVE-2026-7591

Description

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Manipulation of the argument request.params.arguments results in SQL injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in TimBroddin/astro-mcp-server ≤1.1.1 allows remote attackers to manipulate SQLite queries via MCP tool parameters, with public exploit available.

Vulnerability

Details

CVE-2026-7591 describes an SQL injection vulnerability in the TimBroddin/astro-mcp-server project, affecting versions up to 1.1.1. The flaw resides in src/index.ts, where multiple MCP tools—such as search_rankings—accept user-controlled parameters (e.g., keyword, store, appName, appId) and directly interpolate them into SQLite query strings executed by db.exec() without proper sanitization [1][2]. This constitutes a classic CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) [2].

Exploitation

An attacker with network access to the MCP interface can craft malicious values for these parameters and send them to any of the affected tools. The attack is remotely exploitable and does not require authentication [2]. The vulnerability was reported via a GitHub issue on April 14, 2026, and a public exploit has since been released [2].

Impact

Successful exploitation allows the attacker to bypass intended filters, extract arbitrary data from the local Astro ASO database, and alter query semantics. This could lead to unauthorized disclosure of app ranking data, keyword trends, and other sensitive information stored in the SQLite database [2].

Mitigation

As of the publication date, no fixed version has been released. The project maintainer was informed through an issue report but has not responded [2]. Users are advised to restrict network access to the MCP server, disable the service if not required, or implement a reverse proxy with input validation until a patch becomes available.

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
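The interpolation pattern described under Details, placed next to a parameterized version of the kind the Mitigation section points toward, as an added example that is not part of this advisory or of the astro-mcp-server code base. It uses Python's built-in sqlite3 module against an in-memory database instead of the project's TypeScript, and the table layout, function names, sample rows and inputs are all constructed for illustration.

```python
import sqlite3

# Constructed sample rows standing in for the local Astro ASO database; the table
# layout is a hypothetical one, not the project's real schema.
SAMPLE_ROWS = [
    ("weather", "ios", "SkyCast", 1),
    ("weather", "android", "SkyCast", 3),
    ("fitness", "ios", "RunLog", 2),
]

def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE rankings (keyword TEXT, store TEXT, app_name TEXT, position INTEGER)")
    conn.executemany("INSERT INTO rankings VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn

def search_rankings_vulnerable(conn, keyword: str, store: str) -> list:
    """CWE-89 pattern from the advisory: tool arguments are pasted into the SQL text."""
    sql = (
        "SELECT app_name, position FROM rankings "
        f"WHERE keyword = '{keyword}' AND store = '{store}'"
    )
    return conn.execute(sql).fetchall()

def search_rankings_fixed(conn, keyword: str, store: str) -> list:
    """Hardened form (an assumption, not the project's fix): bound parameters keep
    the values out of the SQL text, so quotes and comment markers are just data."""
    sql = "SELECT app_name, position FROM rankings WHERE keyword = ? AND store = ?"
    return conn.execute(sql, (keyword, store)).fetchall()

def demo() -> dict:
    """Run both variants with a benign input and a constructed tautology input."""
    conn = make_db()
    benign = ("weather", "ios")
    # A quote closes the keyword literal, OR 1=1 makes the predicate always true,
    # and the SQL comment marker discards the rest of the WHERE clause: the
    # intended store filter is bypassed and every row comes back.
    hostile = ("' OR 1=1 --", "ios")
    return {
        "vulnerable_benign": search_rankings_vulnerable(conn, *benign),
        "vulnerable_hostile": search_rankings_vulnerable(conn, *hostile),
        "fixed_benign": search_rankings_fixed(conn, *benign),
        "fixed_hostile": search_rankings_fixed(conn, *hostile),
    }

if __name__ == "__main__":
    print(demo())
```

The vulnerable variant returns every row for the hostile input, the filter bypass the Impact section describes, while the parameterized variant treats the same input as a keyword that matches nothing.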

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (4)

News mentions (0)

No linked articles in our index yet.