CVE-2026-5322 | AlejandroArciniegas mcp-data-vis MCP server.js request sql injection

A vulnerability was found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. It has been classified as critical. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection.

This vulnerability is listed as CVE-2026-5322. The attack may be initiated remotely. In addition, an exploit is available.

This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5322 | AlejandroArciniegas mcp-data-vis MCP server.js request sql injection

Post correlati

CVE-2025-10144 | quadlayers Perfect Brands for WooCommerce Plugin up to 3.6.2 on WordPress Shortcode products brands sql injection

CVE-2025-47594 | DAEXT Soccer Live Scores Plugin up to 1.0.5 on WordPress cross-site request forgery

CVE-2026-28512 | pocket-id Pocket ID up to 2.3.x redirect_uri

CVE-2025-15493 | RainyGao DocSys up to 2.02.36 ReposAuthMapper.xml searchWord sql injection