VYPR

Doris MCP Server

by Apache

Source repositories

CVEs (3)

  • CVE-2025-66335MedApr 20, 2026
    risk 0.27cvss 5.3epss 0.01

    Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution…

  • CVE-2025-66336Jun 22, 2026
    risk 0.00cvss epss 0.00

    Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated…

  • CVE-2025-58337Nov 5, 2025
    risk 0.00cvss epss 0.00

    An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may…