Threat Advisory

MCP Pinot Vulnerability Enables Remote Access

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

CVE-2026-49257 (CVSS score 10.0) is a critical vulnerability in the mcp-pinot-server package affecting versions 3.0.1 and below. The server defaults to running an HTTP MCP server bound to 0.0.0.0:8080 with no authentication enabled, so every MCP tool is reachable by any network-adjacent caller. The flaw is exploitable over the network with low complexity and requires neither privileges nor user interaction; because the server proxies tool calls using its own server-side Pinot credentials, an attacker gains full read/write access to the configured Pinot cluster. Exploitation carries high confidentiality, integrity, and availability impact: unauthenticated callers can read table data, create or update schemas, and degrade or disrupt Pinot availability. The only prerequisites are the default settings of affected versions, namely the server being bound to 0.0.0.0 with OAuth disabled.


RECOMMENDATION:

We recommend updating mcp-pinot to version 3.1.0.
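Until the update is rolled out, a host can be audited for the exposure described above. The script below is an added example, not code from this advisory or the mcp-pinot project: it parses a /proc/net/tcp-style socket table (the sample rows are constructed) and flags LISTEN sockets bound to 0.0.0.0, the wildcard bind that makes the default 8080 listener reachable from the network. The constant name MCP_PINOT_DEFAULT_PORT is an assumption.

```python
"""Flag wildcard-bound (0.0.0.0) TCP listeners in a /proc/net/tcp-style table.

Added example, not code from the mcp-pinot project: it audits a host for the
exposure the advisory describes, mcp-pinot-server's default bind of 0.0.0.0:8080.
"""
import socket
import struct

TCP_LISTEN = 0x0A              # 'st' column value for LISTEN in /proc/net/tcp
MCP_PINOT_DEFAULT_PORT = 8080  # port named in the advisory (assumed constant name)

# Constructed sample of /proc/net/tcp (header plus four sockets):
#   0: 0.0.0.0:8080 LISTEN   -> exposed on every interface, flagged
#   1: 127.0.0.1:8080 LISTEN -> loopback only, not flagged
#   2: 0.0.0.0:22 LISTEN     -> wildcard bind, but not the advisory's port
#   3: established socket    -> not a listener, ignored
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12346 1 0000000000000000 100 0 0 10 0
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0100007F:A1B2 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 12348 1 0000000000000000 100 0 0 10 0
"""


def parse_local_endpoint(field):
    """'0100007F:1F90' -> ('127.0.0.1', 8080).

    The kernel prints the IPv4 address as a 32-bit integer in host byte order
    (little-endian on x86), so repack it little-endian before inet_ntoa.
    """
    addr_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16))), int(port_hex, 16)


def find_wildcard_listeners(table, port=None):
    """Return [(ip, port)] for LISTEN sockets bound to 0.0.0.0; restrict to one port if given."""
    exposed = []
    for line in table.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        ip, lport = parse_local_endpoint(fields[1])
        if int(fields[3], 16) != TCP_LISTEN or ip != "0.0.0.0":
            continue
        if port is None or lport == port:
            exposed.append((ip, lport))
    return exposed
```

On a live Linux host, pass open("/proc/net/tcp").read() to find_wildcard_listeners in place of the sample; a hit on port 8080 while OAuth is still disabled is the exposed default the advisory describes.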

REFERENCES:

The following reports contain further technical details:
https://github.com/advisories/GHSA-73cv-556c-w3g6
