QwikSec

Security Database

CVE

CWE

Training

CVE-2025-66335

Published: Apr 20, 2026

Modified: Apr 20, 2026

PUBLISHED

Description

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version 0.6.1 and later are not affected.

Vendor	Product	Versions
Apache Software Foundation	Apache Doris MCP Server	affected `0.1.0 - < 0.6.1`

Weaknesses (CWE)

References

https://lists.apache.org/thread/odp0fyyst8kxm7hhm9z4d1snh1y4hjpy

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.