CVE-2026-31841

{"id": "CVE-2026-31841", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2026-03-12T17:16:51.050", "references": [{"url": "https://github.com/hyperterse/hyperterse/releases/tag/v2.2.0", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/hyperterse/hyperterse/security/advisories/GHSA-92gp-jfgx-9qpv", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-433"}]}], "descriptions": [{"lang": "en", "value": "Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were supposed to be executed under the hood, and protected from being displayed publicly. This issue has been fixed as of v2.2.0."}, {"lang": "es", "value": "Hyperterse es un framework MCP centrado en herramientas para construir superficies de backend listas para IA a partir de configuraci\u00f3n declarativa. Antes de la v2.2.0, la herramienta de b\u00fasqueda permite a los LLM buscar herramientas usando lenguaje natural. Al devolver resultados, Hyperterse tambi\u00e9n devolv\u00eda las consultas SQL sin procesar, exponiendo sentencias que se supon\u00eda que deb\u00edan ejecutarse bajo el cap\u00f3 y protegidas de ser mostradas p\u00fablicamente. Este problema ha sido solucionado a partir de la v2.2.0."}], "lastModified": "2026-03-19T17:35:21.330", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hyperterse:hyperterse:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24A50F24-DD95-48E6-A2B8-B89E1D7E7CCD", "versionEndExcluding": "2.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}