CVE-2026-31841

Description

Hyperterse allows users to specify database queries for tools to execute under the hood. As of [v2.0.0](https://github.com/hyperterse/hyperterse/releases/tag/v2.0.0), there are only two tools exposed - `search` and `execute`. The `search` tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were supposed to be executed under the hood, and protected from being displayed publicly. This issue has been fixed as of [v2.2.0](https://github.com/hyperterse/hyperterse/releases/tag/v2.2.0) and relevant tests to catch these have been added.

How to fix CVE-2026-31841

To remediate CVE-2026-31841, upgrade the affected package to a fixed version below.

• —upgrade to 2.2.0 or later

Is CVE-2026-31841 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• >= 2.0.0, < 2.2.0

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-31841
• PATCHgithub.com/hyperterse/hyperterse
• WEBgithub.com/hyperterse/hyperterse/releases/tag/v2.2.0
• WEBgithub.com/hyperterse/hyperterse/security/advisories/GHSA-92gp-jfgx-9qpv