{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/mcp-server-helper-tool-1.0.1-1.0.156/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.7,"id":"CVE-2026-35228"}],"_cs_exploited":false,"_cs_products":["MCP Server Helper Tool 1.0.1-1.0.156"],"_cs_severities":["critical"],"_cs_tags":["sql-injection","cve","web-application"],"_cs_type":"advisory","_cs_vendors":["Oracle"],"content_html":"\u003cp\u003eCVE-2026-35228 is a SQL injection vulnerability affecting the Oracle MCP Server Helper Tool, specifically the \u0026lsquo;helper tool\u0026rsquo; component. The vulnerability exists in versions 1.0.1 through 1.0.156. An unauthenticated attacker with network access via HTTP can exploit this vulnerability, allowing them to execute arbitrary SQL commands on the affected system. This poses a significant risk, as successful exploitation could lead to data breaches, modification of sensitive information, or complete system compromise. Organizations using affected versions of the Oracle MCP Server Helper Tool should take immediate steps to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of Oracle MCP Server Helper Tool (versions 1.0.1-1.0.156) exposed over HTTP.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request containing a SQL injection payload within a parameter processed by the \u0026lsquo;helper tool\u0026rsquo; component.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted HTTP request to the vulnerable server.\u003c/li\u003e\n\u003cli\u003eThe server-side application fails to properly sanitize the input, passing the malicious SQL payload to the database.\u003c/li\u003e\n\u003cli\u003eThe database executes the attacker-controlled SQL query.\u003c/li\u003e\n\u003cli\u003eThe attacker gains the ability to read, modify, or delete data within the database.\u003c/li\u003e\n\u003cli\u003eThe attacker may escalate their privileges within the application and potentially the underlying operating system.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their objective, such as exfiltrating sensitive data or disrupting service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-35228 allows an unauthenticated attacker to execute arbitrary SQL commands on the Oracle MCP Server Helper Tool. This could lead to the compromise of sensitive data, modification of application settings, or even complete control of the affected server. The severity of the impact depends on the privileges of the database user and the sensitivity of the data stored within the database. If the database user has high privileges, the attacker could potentially take complete control of the system.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Oracle MCP Server Helper Tool to a patched version that addresses CVE-2026-35228.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious HTTP Requests to MCP Server Helper\u003c/code\u003e to identify potential exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to filter out malicious SQL injection payloads in HTTP requests targeting the MCP Server Helper Tool.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-23T18:00:00Z","date_published":"2024-01-23T18:00:00Z","id":"/briefs/2024-01-oracle-mcp-sqli/","summary":"CVE-2026-35228 is a critical vulnerability in Oracle MCP Server Helper Tool versions 1.0.1 through 1.0.156, allowing unauthenticated remote attackers to execute arbitrary SQL commands.","title":"Oracle MCP Server Helper Tool Unauthenticated SQL Injection Vulnerability (CVE-2026-35228)","url":"https://feed.craftedsignal.io/briefs/2024-01-oracle-mcp-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — MCP Server Helper Tool 1.0.1-1.0.156","version":"https://jsonfeed.org/version/1.1"}