CVE-2026-7206 | dubydu sqlite-mcp up to 0.1.0 src/entry.py extract_to_json output_filename sql injection

Inserito da Angelo Barbosa | Apr 27, 2026 | CVE

A vulnerability was found in dubydu sqlite-mcp up to 0.1.0. It has been classified as critical. The affected element is the function extract_to_json of the file src/entry.py. Performing a manipulation of the argument output_filename results in sql injection.

This vulnerability is known as CVE-2026-7206. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Applying a patch is the recommended action to fix this issue.

CVE-2026-7206 | dubydu sqlite-mcp up to 0.1.0 src/entry.py extract_to_json output_filename sql injection

Post correlati

CVE-2023-45716 | HCL Sametime up to 12.0.1 FP1 URL information disclosure (KB0109082)

CVE-2024-42633 | Linksys E1500 1.0.06.001 do_upgrade_post os command injection

CVE-2026-41245 | Junrar up to 7.5.9 RAR LocalFolderExtractor path traversal

CVE-2025-7498 | Exclusive Addons for Elementor Plugin 2.7.9.4 on WordPress Countdown Widget cross site scripting