PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44968 dbt-labs CVE debrief

CVE-2026-44968 is a MEDIUM severity vulnerability in dbt-mcp, caused by unsanitized node_selection and resource_type values in _run_dbt_command() in src/dbt_mcp/dbt_cli/tools.py. This allows an MCP client to inject dbt global flags into subprocess.Popen. The CVE record was published on 2026-07-16T18:16:43.100Z and has not been modified since then. Users of dbt-mcp should be aware of this vulnerability and take steps to mitigate it by applying the patch to upgrade to version 1.17.1.

Vendor
dbt-labs
Product
dbt-mcp
CVSS
MEDIUM 6.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-16
Original CVE updated
2026-07-16
Advisory published
2026-07-16
Advisory updated
2026-07-16

Who should care

Users of dbt-mcp, operators, platform administrators, vulnerability management teams, and security teams should be aware of this vulnerability and take steps to mitigate it. They should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Technical summary

The vulnerability is caused by unsanitized node_selection and resource_type values in _run_dbt_command() in src/dbt_mcp/dbt_cli/tools.py, allowing an MCP client to inject dbt global flags such as --profiles-dir, --project-dir, and --target into subprocess.Popen. This issue is fixed in version 1.17.1. The affected product context requires defensive impact assessment and source-grounded technical framing.

Defensive priority

MEDIUM

Recommended defensive actions

  • Inventory and verify dbt-mcp installations
  • Apply the patch to upgrade to version 1.17.1
  • Monitor for suspicious activity
  • Implement compensating controls
  • Exception tracking and retest
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-16T18:16:43.100Z. The vulnerability is fixed in version 1.17.1. Users should verify the affected scope and apply the patch to upgrade to version 1.17.1. The vulnerability allows an MCP client to inject dbt global flags such as --profiles-dir, --project-dir, and --target into subprocess.Popen. Evidence limits suggest that defenders should verify the dbt-mcp installations and configurations.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T18:16:43.100Z and has not been modified since then.