CVE-2026-4593

MEDIUM 6.3

erupts erupt MCP Tool EruptDataQuery.java EruptDataQuery sql injection

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

7th

A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-564 CWE-89
Vendor	erupts
Product	erupt
Published	Mar 23, 2026
Last Updated	Mar 25, 2026

Stay Ahead of the Next One

Get instant alerts for erupts erupt

Be the first to know when new medium vulnerabilities affecting erupts erupt are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

erupts / erupt

1.13.0 1.13.1 1.13.2 1.13.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.352430 vuldb.com: https://vuldb.com/?ctiid.352430 vuldb.com: https://vuldb.com/?submit.775593 fx4tqqfvdw4.feishu.cn: https://fx4tqqfvdw4.feishu.cn/docx/EunDdwORZoG3uzxpLykcj24mncJ?from=from_copylink

Credits

🔍 xcxr (VulDB User) VulDB