CVE-2026-7206: sqlite-mcp SQL Injection Vulnerability Exposed
The National Vulnerability Database has disclosed CVE-2026-7206, a high-severity SQL injection flaw impacting dubydu sqlite-mcp up to version 0.1.0. The vulnerability resides within the extract_to_json function in src/entry.py, where manipulating the output_filename argument allows for remote SQL injection.
This is a critical finding because the exploit has been publicly released, meaning attackers can immediately weaponize it. The CVSS score of 7.3 (High) reflects the remote exploitability and potential for compromise, with impacts on confidentiality, integrity, and availability. Organizations using sqlite-mcp should consider this an active threat.
The recommended action, as noted by the National Vulnerability Database, is to apply the patch identified as a5580cb992f4f6c308c9ffe6442b2e76709db548. Defenders must prioritize this fix to prevent unauthorized data access and manipulation through this vector.
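The advisory states only that the `output_filename` argument of `extract_to_json` can be manipulated into an SQL injection; it does not say how the value reaches SQL. The following is an added illustration written for this page, not sqlite-mcp's code and not the content of the patch: a hypothetical export routine that splices the caller-supplied filename into an SQLite statement, beside a hardened version that validates the name against an allowlist and binds it as a parameter. The `exports` table, the function names and the sample data are all constructed.

```python
import json
import re
import sqlite3


def make_db():
    """Constructed in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute("CREATE TABLE exports (filename TEXT, payload TEXT)")
    return conn


def extract_to_json_unsafe(conn, query, output_filename):
    """Hypothetical vulnerable pattern (NOT sqlite-mcp's code): the caller-supplied
    filename is spliced into SQL text, so its characters are parsed as SQL."""
    rows = [dict(r) for r in conn.execute(query)]
    sql = f"INSERT INTO exports VALUES ('{output_filename}', ?)"  # injection point
    conn.execute(sql, (json.dumps(rows),))
    return sql


# Allowlist: a short base name plus a .json suffix; nothing SQL- or path-like gets through.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.json")


def validate_filename(name):
    """Reject anything outside the allowlist before it goes near SQL or the filesystem."""
    if not isinstance(name, str) or not SAFE_NAME.fullmatch(name):
        raise ValueError("output_filename must match %s" % SAFE_NAME.pattern)
    return name


def extract_to_json_safe(conn, query, output_filename):
    """Hardened variant: validate first, then bind the value as a parameter so SQLite
    treats it as data, never as SQL."""
    name = validate_filename(output_filename)
    rows = [dict(r) for r in conn.execute(query)]
    conn.execute("INSERT INTO exports VALUES (?, ?)", (name, json.dumps(rows)))
    return name


def demo():
    """Exercise both variants on a benign name and on one containing a quote.

    Returns a dict of observations that a caller or test can assert on."""
    conn = make_db()
    q = "SELECT 1 AS n"
    out = {}
    out["unsafe_sql_embeds_input"] = "'report.json'" in extract_to_json_unsafe(conn, q, "report.json")
    try:
        extract_to_json_unsafe(conn, q, "o'neill.json")
        out["unsafe_quote_reaches_parser"] = False
    except sqlite3.OperationalError:
        # The stray quote broke the statement: caller-controlled text was parsed as SQL.
        out["unsafe_quote_reaches_parser"] = True
    out["safe_accepts_benign"] = extract_to_json_safe(conn, q, "report.json") == "report.json"
    try:
        extract_to_json_safe(conn, q, "o'neill.json")
        out["safe_rejects_quote"] = False
    except ValueError:
        out["safe_rejects_quote"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

The unsafe variant fails on a filename containing a single quote because that quote is read as SQL syntax; the same property is what makes the pattern injectable. The hardened variant rejects the value before any statement is built and, for values it does accept, passes them through parameter binding, so the filename never influences the shape of the SQL.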
What This Means For You
- If your organization utilizes dubydu sqlite-mcp, you are directly exposed to CVE-2026-7206. Given the public exploit release, assume active targeting. Immediately identify all instances of sqlite-mcp up to version 0.1.0 and apply patch `a5580cb992f4f6c308c9ffe6442b2e76709db548` without delay. Audit logs for suspicious activity related to `output_filename` manipulation.
🛡️ Detection Rules
3 rules · 6 SIEM formats. 3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free; export to any SIEM format via the Intel Bot.
CVE-2026-7206: SQL Injection via extract_to_json output_filename parameter

```yaml
title: 'CVE-2026-7206: SQL Injection via extract_to_json output_filename parameter'
id: scw-2026-04-28-ai-1
status: experimental
level: critical
description: |
  This rule detects attempts to exploit CVE-2026-7206 by identifying web requests targeting the 'extract_to_json' function with a manipulated 'output_filename' parameter, indicative of an SQL injection attempt.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7206/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/extract_to_json'
    cs-uri-query|contains:
      - 'output_filename='
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
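To make the rule's logic concrete, here is an added example (written for this page, not part of the feed's rule set) that applies the same selection to constructed W3C-style webserver log lines. It reads the rule's `cs-uri` field as the W3C `cs-uri-stem` field, which is an assumption. It also carries a caveat a defender should weigh: if sqlite-mcp is a Model Context Protocol server exposing `extract_to_json` as a tool (an assumption drawn from the project name), tool calls arrive as JSON-RPC `tools/call` messages whose tool name and `output_filename` argument sit in the request body, not in the URL, so a URI match alone would never see them. The second half of the block therefore inspects constructed MCP message bodies and flags `output_filename` values carrying SQL metacharacters.

```python
import json
import re

# Constructed W3C-style webserver log lines (not real traffic); field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status ("-" = empty query)
SAMPLE_WEB_LOG = """\
2026-04-28 04:20:01 203.0.113.5 GET /healthz - 200
2026-04-28 04:20:07 203.0.113.9 GET /extract_to_json output_filename=report.json 200
2026-04-28 04:20:09 203.0.113.9 GET /extract_to_json query=select+1 200
"""


def parse_w3c(line):
    date, time, ip, method, stem, query, status = line.split()
    return {"date": date, "time": time, "c-ip": ip, "cs-method": method,
            "cs-uri-stem": stem, "cs-uri-query": "" if query == "-" else query,
            "sc-status": status}


def sigma_selection(entry):
    """Mirror of the rule's selection: every field in a selection must hit (logical AND).
    The rule's 'cs-uri' is read here as the W3C 'cs-uri-stem' field (an assumption)."""
    return ("/extract_to_json" in entry["cs-uri-stem"]
            and "output_filename=" in entry["cs-uri-query"])


def scan_web_log(text):
    entries = [parse_w3c(l) for l in text.splitlines() if l.strip()]
    return [e for e in entries if sigma_selection(e)]


# Constructed MCP JSON-RPC messages. Assumption: sqlite-mcp is a Model Context Protocol
# server exposing extract_to_json as a tool, so the tool name and its arguments travel
# in the request body as 'tools/call' params rather than in the URL.
SAMPLE_MCP_BODIES = [
    '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"extract_to_json",'
    '"arguments":{"query":"SELECT 1","output_filename":"report.json"}}}',
    '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"extract_to_json",'
    '"arguments":{"query":"SELECT 1","output_filename":"x\'.json"}}}',
    '{"jsonrpc":"2.0","id":3,"method":"tools/list"}',
]

# Characters that never belong in a filename but do steer SQL parsing.
SQL_META = re.compile(r"""['";]|--|/\*""")


def mcp_findings(bodies):
    """Flag tools/call requests to extract_to_json whose output_filename carries SQL metacharacters."""
    findings = []
    for raw in bodies:
        msg = json.loads(raw)
        if msg.get("method") != "tools/call":
            continue
        params = msg.get("params") or {}
        if params.get("name") != "extract_to_json":
            continue
        fname = str((params.get("arguments") or {}).get("output_filename", ""))
        if SQL_META.search(fname):
            findings.append({"id": msg.get("id"), "output_filename": fname})
    return findings


if __name__ == "__main__":
    for e in scan_web_log(SAMPLE_WEB_LOG):
        print("sigma hit:", e["c-ip"], e["cs-uri-stem"], e["cs-uri-query"])
    for f in mcp_findings(SAMPLE_MCP_BODIES):
        print("mcp finding:", f)
```

Note what each half actually tells you. The web-log matcher, like the Sigma rule it mirrors, fires on every request that carries `output_filename=` at all, so it is an inventory of exposed usage rather than evidence of exploitation; that is the source of the rule's own "legitimate administrative activity" false positive. The MCP matcher narrows to argument values that contain quote, semicolon or comment characters, which have no place in a filename and are the more useful trigger for an alert.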
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7206 | SQLi | dubydu sqlite-mcp up to 0.1.0 |
| CVE-2026-7206 | SQLi | src/entry.py::extract_to_json function |
| CVE-2026-7206 | SQLi | Manipulation of argument output_filename |
| CVE-2026-7206 | SQLi | Patch a5580cb992f4f6c308c9ffe6442b2e76709db548 |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 28, 2026 at 04:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.