CVE-2026-11529NVD

Vulnerability Summary

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI Handler. This manipulation of the argument uri_str causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.3.0 is sufficient to resolve this issue. Patch name: 080bef9a96d625ce0dfbde573a08b93497871981. Upgrading the affected component is advised.

Severity Level

MEDIUM(6.3)

Published Date

Jun 8, 2026

Last Modified

Jun 8, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.05%Probability

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityLow

IntegrityLow

AvailabilityLow

External References

https://vuldb.com/vuln/369146
https://vuldb.com/vuln/369146/cti
https://vuldb.com/cve/CVE-2026-11529
https://vuldb.com/submit/836490
https://github.com/designcomputer/mysql_mcp_server/issues/89
https://github.com/designcomputer/mysql_mcp_server/pull/86
https://github.com/designcomputer/mysql_mcp_server/commit/080bef9a96d625ce0dfbde573a08b93497871981
https://github.com/designcomputer/mysql_mcp_server/releases/tag/v0.3.0

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-11529NVD

Vulnerability Summary

External References