CVE Catalog

CVE-2026-49257

CriticalCVSS 10.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile — higher than 39% of all known CVEs

Summary

mcp-pinot is a Python-based Model Context Protocol (MCP) server that, in versions 3.0.1 and below, defaults to running an HTTP MCP server without authentication. All MCP tools are accessible to any network-adjacent caller, leading to significant security vulnerabilities.

Risk Assessment

The lack of authentication allows unauthorized users to execute SQL queries and modify schemas and table configurations, potentially leading to unauthorized access to data in the Pinot cluster.

Recommendation

It is recommended to upgrade to version 3.1.0 or later to mitigate this vulnerability and to implement appropriate authentication mechanisms.

Original NVD description (English source)

mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults to running an HTTP MCP server bound to 0.0.0.0:8080 with no authentication enabled. All MCP tools, including SQL query execution, schema creation, and table-config mutation, are reachable by any network-adjacent caller. The server proxies these calls using server-side Pinot credentials, producing a confused-deputy condition that yields full read/write access to the configured Pinot cluster. This issue has been fixed in version 3.1.0

Vulnerability data from NVD (NIST) · CISA KEV · EPSS