CVE-2026-7591 | TimBroddin astro-mcp-server up to 1.1.1 MCP Tool Query Construction src/index.ts request.params.arguments sql injection

May 1, 2026 Yanac

A vulnerability, which was classified as critical, has been found in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection.

This vulnerability was named CVE-2026-7591. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More