Apache Doris Mcp Server — known CVE vulnerabilities
Every CVE whose affected-product data names Apache Doris Mcp Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2025-66336 — CVSS 8.1 (high): Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly…
CVE-2025-58337 — CVSS 5.4 (medium): An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing…
CVE-2025-66335 — CVSS 5.3 (medium): Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may…