CVE ID :CVE-2026-49257 Published : June 18, 2026, 9:01 p.m. | 4 hours, 8 minutes ago Description :mcp-pinot is a Python-based Model Context Protocol (MCP) server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults to running an HTTP MCP server bound to...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-49257 - mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind

VERWANDTEARTIKEL

CVE-2026-8806 - Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet module

AutoJack: How a single page can RCE the host running your AI agent

CVE-2026-40624 - AVer PTC cameras Files or Directories Accessible to External Parties

CVE-2026-12048 - pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser

CVE-2026-12046 - pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution

CVE-2026-12045 - pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution