CVE-2026-31841
Hyperterse: Raw exposure of database statements in MCP search tool
描述
Hyperterse allows users to specify database queries for tools to execute under the hood. As of [v2.0.0](https://github.com/hyperterse/hyperterse/releases/tag/v2.0.0), there are only two tools exposed - `search` and `execute`. The `search` tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were supposed to be executed under the hood, and protected from being displayed publicly. This issue has been fixed as of [v2.2.0](https://github.com/hyperterse/hyperterse/releases/tag/v2.2.0) and relevant tests to catch these have been added.
如何修補 CVE-2026-31841
要修補 CVE-2026-31841,請將受影響套件升級到下列已修補版本。
- —升級至 2.2.0 或更新版本
CVE-2026-31841 正在被利用嗎?
低 — EPSS 為 0.0%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- >= 2.0.0, < 2.2.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |