CVE Alert

CVE-2026-11529

MEDIUM 6.3

designcomputer mysql-mcp-server mysql URI server.py read_resource sql injection

CVSS Score 6.3
EPSS Score 0.0%
EPSS Percentile 0th

A SQL injection vulnerability affects designcomputer mysql-mcp-server up to 0.2.2. The affected element is the function read_resource in the file src/mysql_mcp_server/server.py, part of the mysql URI Handler component. Manipulating the argument uri_str causes SQL injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used. Upgrading to version 0.3.0 is sufficient to resolve this issue. Patch name: 080bef9a96d625ce0dfbde573a08b93497871981. Upgrading the affected component is advised.

CWE CWE-89 CWE-74
Vendor designcomputer
Product mysql-mcp-server
Published Jun 8, 2026
Last Updated Jun 8, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability Low

Affected Versions

designcomputer / mysql-mcp-server
0.2.0 0.2.1 0.2.2

References

vuldb.com: https://vuldb.com/vuln/369146
vuldb.com: https://vuldb.com/vuln/369146/cti
vuldb.com: https://vuldb.com/cve/CVE-2026-11529
vuldb.com: https://vuldb.com/submit/836490
github.com: https://github.com/designcomputer/mysql_mcp_server/issues/89
github.com: https://github.com/designcomputer/mysql_mcp_server/pull/86
github.com: https://github.com/designcomputer/mysql_mcp_server/commit/080bef9a96d625ce0dfbde573a08b93497871981
github.com: https://github.com/designcomputer/mysql_mcp_server/releases/tag/v0.3.0

Credits

BlackBird_BB (VulDB User)