Ethical Hacking News
A recent investigation has uncovered three severe security vulnerabilities in Model Context Protocol (MCP) servers used by prominent database projects, highlighting the need for greater collaboration among vendors and users to ensure the security of MCP servers.
Three severe security vulnerabilities were discovered in Model Context Protocol (MCP) servers used by prominent database projects. Vulnerabilities were found in Apache Doris, Alibaba RDS, and Apache Pinot, including unpatched issues that could be exploited by malicious actors. The vulnerabilities include a SQL injection flaw in Apache Doris, an authentication validation bypass in Apache Pinot, and an information disclosure issue in Alibaba RDS.
A recent investigation by a seasoned bug hunter has uncovered three severe security vulnerabilities in Model Context Protocol (MCP) servers used by prominent database projects. The flaws were discovered in Apache Doris, Alibaba RDS, and Apache Pinot, with the latter two having unpatched vulnerabilities that could be exploited by malicious actors.
The investigation, conducted by Tomer Peled, a security expert at Akamai, revealed that the first vulnerability, CVE-2025-66335, is a SQL injection flaw in Apache Doris MCP Server versions earlier than 0.6.1. This vulnerability allows an attacker to inject malicious SQL code into the system, potentially leading to unauthorized access and control of the database.
The second vulnerability, identified as CVE-2025-66336, is an authentication validation bypass in Apache Pinot MCP. This flaw enables attackers to bypass authentication checks and execute arbitrary commands on the victim's Apache Pinot instance, giving them full control over the database.
The third and most concerning vulnerability discovered by Peled is an information disclosure issue in the Alibaba RDS MCP server. This flaw allows unauthenticated attackers to exfiltrate sensitive metadata from the database without any query validation or access controls being applied.
What makes these vulnerabilities particularly concerning is that they are present in production-ready MCP servers, which are used by organizations worldwide to integrate AI applications with external data sources. The fact that one vendor, Alibaba, has refused to patch its vulnerability raises questions about the effectiveness of the MCP community's security protocols and the need for greater collaboration among vendors and users.
MCP is an open-source protocol originally developed by Anthropic that allows Large Language Models (LLMs), AI applications, and agents to connect to external data, systems, and one another. The protocol's design allows for seamless integration with various databases and AI frameworks, making it a crucial component of modern AI development.
However, the discovery of these vulnerabilities highlights the need for improved security protocols and guidelines in the MCP community. It is essential that vendors and users work together to ensure that MCP servers are developed with robust security measures in place, including regular vulnerability assessments, penetration testing, and code review.
The investigation by Tomer Peled serves as a wake-up call for the MCP community, underscoring the importance of prioritizing security in AI development. As AI adoption continues to grow, it is essential that we learn from these vulnerabilities and implement more stringent security measures to prevent similar incidents in the future.
In conclusion, the discovery of three massive MCP flaws by Tomer Peled highlights the need for greater collaboration among vendors and users to ensure the security of MCP servers. The refusal of Alibaba to patch its vulnerability raises questions about the effectiveness of the MCP community's security protocols and underscores the importance of prioritizing security in AI development.
Related Information:
https://www.ethicalhackingnews.com/articles/Bug-Hunter-Uncovers-Three-Massive-MCP-Flaws-One-Vendor-Refuses-to-Patch-ehn.shtml
https://www.theregister.com/security/2026/05/13/bug-hunter-tracks-down-three-serious-mcp-database-flaws-one-left-unpatched/5238916
https://nvd.nist.gov/vuln/detail/CVE-2025-66335
https://www.cvedetails.com/cve/CVE-2025-66335/
https://nvd.nist.gov/vuln/detail/CVE-2025-66336
https://www.cvedetails.com/cve/CVE-2025-66336/
Published: Wed May 13 16:43:49 2026 by llama3.2 3B Q4_K_M