CVE-2026-5322

High

Published: 02 April 2026

Published

02 April 2026

Modified

27 April 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0004 12.1th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5322 is a high-severity Injection (CWE-74) vulnerability. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents SQL injection by validating and sanitizing untrusted inputs to the Request function in server.js before database queries.

SI-2 Flaw Remediation good match

prevent

Mandates timely flaw remediation to patch or correct the SQL injection vulnerability in the MCP Handler component.

SI-4 System Monitoring partial match

detect

Enables detection of exploitation attempts through monitoring for anomalous database queries or access patterns.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Remote unauthenticated SQL injection in a publicly accessible database server component (server.js Request function) directly enables T1190 for initial access via exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed…

to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2026-5322 is a SQL injection vulnerability (CWE-74, CWE-89) affecting the Request function in the file src/servers/database/server.js of the MCP Handler component within AlejandroArciniegas mcp-data-vis at commit bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. The software follows a rolling release model, so specific version information for affected or patched releases is unavailable.

The vulnerability is remotely exploitable by unauthenticated attackers with low complexity and no user interaction required, earning a CVSS 3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Exploitation via SQL injection manipulation can result in limited impacts to confidentiality, integrity, and availability.

Advisories from VulDB and a GitHub issue in wing3e/public_exp detail the vulnerability and disclose a public exploit. The vendor was contacted early but provided no response, with no patches or mitigations specified. The exploit has been made publicly available for potential use.

Notable context includes the public disclosure of the exploit, increasing the risk of active exploitation, particularly given the lack of vendor response.

Details

CWE(s): CWE-74 CWE-89

AI Security AnalysisAI

AI Category: AI Agent Protocols and Integrations
Risk Domain: Protocol-Specific Risks
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: mcp, mcp

CVEs Like This One

CVE-2026-7206Shared CWE-74, CWE-89

CVE-2026-4844Shared CWE-74, CWE-89

CVE-2025-0698Shared CWE-74, CWE-89

CVE-2026-3790Shared CWE-74, CWE-89

CVE-2026-5813Shared CWE-74, CWE-89

CVE-2026-3406Shared CWE-74, CWE-89

CVE-2026-3151Shared CWE-74, CWE-89

CVE-2025-1809Shared CWE-74, CWE-89

CVE-2025-1464Shared CWE-74, CWE-89

CVE-2026-6189Shared CWE-74, CWE-89

References

https://github.com/wing3e/public_exp/issues/19
cna@vuldb.com
https://vuldb.com/submit/780731
cna@vuldb.com
https://vuldb.com/vuln/354654
cna@vuldb.com
https://vuldb.com/vuln/354654/cti
cna@vuldb.com