Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN666
_____________________________________________________________________

DATE                : 23/06/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Doris MCP Server versions
                                     prior to 0.6.1.
 
=====================================================================
https://lists.apache.org/thread/f52hmh1xb6oyglj63mls5gwyqyqd4mq8
_____________________________________________________________________

CVE-2025-66336: Apache Doris MCP Server: SQL injection leading the
authentication bypass
Severity: important 

Affected versions:

- Apache Doris MCP Server 0.1.0 before 0.6.1

Description:

Apache Doris MCP Server contains a SQL injection vulnerability in a
metadata query path. A user-controlled database name is directly
interpolated into a SQL query, and the query is executed without
passing the caller's authorization context. This may allow an
authenticated attacker, or an anonymous attacker if authentication
is disabled, to bypass SQL security validation and access metadata
outside the intended database scope.

Affected users are recommended to upgrade to Doris version 0.6.1 or
later, which fixes the issue.

Credit:

cherno.x. (reporter)

References:

https://doris.apache.org
https://www.cve.org/CVERecord?id=CVE-2025-66336



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================