VDB
KO

PYSEC-2026-1315

Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode

Details

An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions.

Impact:

Bypasses read-only mode; attackers with read-only access may perform unauthorized modifications.

Recommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix).

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / doris-mcp-server
Introduced in: 0 Fixed in: 0.6.0
Fix pip install --upgrade 'doris-mcp-server>=0.6.0'

References