VYPR

PyPI package

sqlite-mcp

pkg:pypi/sqlite-mcp

Vulnerabilities (1)

  • CVE-2026-7206HigApr 28, 2026
    affected <= 0.1.0

    A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a manipulation of the argument output_filename results in sql injection. Remote exploitation of the attack is possible.