LOW
designcomputer
CVE published 2026-06-08
CVE-2026-11529
A SQL injection vulnerability was discovered in the mysql-mcp-server up to version 0.2.2. The vulnerability is located in the `read_resource` function of the `src/mysql_mcp_server/server.py` file, which is part of the mysql URI handler component. An attacker can exploit this vulnerability by manipulating the `uri_str` argument, allowing for remote exploitation. The exploit has been publicly disclosed and [truncated]