{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/sqlite-mcp/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7206"}],"_cs_exploited":true,"_cs_products":["sqlite-mcp"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2026-7206","web-application"],"_cs_type":"threat","_cs_vendors":["dubydu"],"content_html":"\u003cp\u003eA SQL injection vulnerability, identified as CVE-2026-7206, has been discovered in dubydu\u0026rsquo;s sqlite-mcp software, affecting versions up to 0.1.0. The vulnerability resides within the \u003ccode\u003eextract_to_json\u003c/code\u003e function located in the \u003ccode\u003esrc/entry.py\u003c/code\u003e file. An attacker can exploit this flaw by manipulating the \u003ccode\u003eoutput_filename\u003c/code\u003e argument, leading to the execution of arbitrary SQL commands. This vulnerability is remotely exploitable, meaning an attacker does not need local access to the system. A proof-of-concept exploit is publicly available, increasing the risk of active exploitation. Applying patch \u003ccode\u003ea5580cb992f4f6c308c9ffe6442b2e76709db548\u003c/code\u003e is the recommended remediation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable instance of dubydu sqlite-mcp running a version prior to the patched version.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting the \u003ccode\u003eextract_to_json\u003c/code\u003e function in \u003ccode\u003esrc/entry.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into the \u003ccode\u003eoutput_filename\u003c/code\u003e argument of the request.\u003c/li\u003e\n\u003cli\u003eThe application processes the attacker-supplied \u003ccode\u003eoutput_filename\u003c/code\u003e argument without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe unsanitized input is passed directly to the underlying SQLite database engine.\u003c/li\u003e\n\u003cli\u003eThe SQLite database executes the injected SQL commands, potentially allowing the attacker to read sensitive data, modify data, or execute system commands, depending on the application\u0026rsquo;s privileges and database configuration.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves the results of the injected SQL query, such as extracted data or confirmation of successful command execution.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the compromised database to achieve further objectives, such as data exfiltration or privilege escalation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2026-7206) can allow an attacker to execute arbitrary SQL queries against the underlying SQLite database. This could lead to the disclosure of sensitive information, modification of data, or even complete compromise of the application and the system it resides on. The CVSS v3.1 base score is 7.3, indicating a high-severity vulnerability. Given the public availability of an exploit, affected systems are at an elevated risk of attack.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the provided patch \u003ccode\u003ea5580cb992f4f6c308c9ffe6442b2e76709db548\u003c/code\u003e to remediate CVE-2026-7206.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures to prevent SQL injection attacks, focusing on the \u003ccode\u003eoutput_filename\u003c/code\u003e parameter of the \u003ccode\u003eextract_to_json\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting the \u003ccode\u003eextract_to_json\u003c/code\u003e function using the Sigma rule \u003ccode\u003eDetect Suspicious sqlite-mcp Requests\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-28T01:16:02Z","date_published":"2026-04-28T01:16:02Z","id":"/briefs/2026-04-sqlite-injection/","summary":"A SQL injection vulnerability exists in dubydu sqlite-mcp version 0.1.0 and earlier within the extract_to_json function allowing remote exploitation through manipulation of the output_filename argument.","title":"dubydu sqlite-mcp SQL Injection Vulnerability (CVE-2026-7206)","url":"https://feed.craftedsignal.io/briefs/2026-04-sqlite-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Sqlite-Mcp","version":"https://jsonfeed.org/version/1.1"}