CVE-2026-7206 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing…
Medium CVSS: 6.9

CVE-2026-7206

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a manipulation of the argument output_filename results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The patch is named a5580cb992f4f6c308c9ffe6442b2e76709db548. Applying a patch is the recommended action to fix this issue.
Vendor
-
Product
-
CWE
CWE-74
Yayın Tarihi
2026-04-28 01:16:02
Güncelleme
2026-04-28 01:16:02
Source Identifier
cna@vuldb.com
KEV Date Added
-

Kategoriler

CWE-74 MEDIUM 2026

Referanslar

https://github.com/dubydu/sqlite-mcp/ https://github.com/dubydu/sqlite-mcp/commit/a5580cb992f4f6c308c9ffe6442b2e76709db548 https://github.com/dubydu/sqlite-mcp/issues/1 https://github.com/dubydu/sqlite-mcp/pull/2 https://vuldb.com/submit/802081 https://vuldb.com/vuln/359806 https://vuldb.com/vuln/359806/cti