HTTP MCP Server Vulnerability in Apache Pinot's mcp-pinot by Startree
CVE-2026-49257

10 CRITICAL

Key Information:

Status:
Vendor:
CVE Published: 18 June 2026

What is CVE-2026-49257?

The mcp-pinot server, the Model Context Protocol (MCP) server for Apache Pinot, contains a security flaw in versions 3.0.1 and earlier. By default it runs as an HTTP server bound to 0.0.0.0:8080 with no authentication, so anyone on the same network can interact with it. An unauthorized user can therefore execute SQL queries, modify table configurations, and create schemas, and because the server performs these operations with Pinot's own credentials, the result is a confused-deputy scenario. The issue is fixed in version 3.1.0, which adds authentication.
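A small deployment audit that checks the two conditions the advisory describes: a listener bound to a non-loopback address, and authentication disabled, together with a version check against the fixed release. This is an added example, not code from mcp-pinot or the Apache Pinot project; the `bind`, `auth_enabled` and `version` fields and the sample deployments are constructed assumptions, since the advisory does not state the server's actual configuration format. It generalizes the 0.0.0.0 case to the IPv6 unspecified address, loopback addresses and plain hostnames.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample deployments. The field names are assumptions for
# illustration, not mcp-pinot's own configuration keys.
SAMPLE_DEPLOYMENTS: List[Dict] = [
    {"name": "default-install", "version": "3.0.1", "bind": "0.0.0.0:8080", "auth_enabled": False},
    {"name": "loopback-only",   "version": "3.0.1", "bind": "127.0.0.1:8080", "auth_enabled": False},
    {"name": "patched",         "version": "3.1.0", "bind": "[::]:8080", "auth_enabled": True},
]

FIXED_VERSION = (3, 1, 0)  # from the advisory: the issue is fixed in 3.1.0


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.0.1' into (3, 0, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def is_fixed_version(version: str) -> bool:
    """True when the deployed version is at or above the fixed release."""
    return parse_version(version) >= FIXED_VERSION


def parse_bind(spec: str) -> Tuple[str, int]:
    """Split 'host:port' or '[ipv6]:port' into (host, port)."""
    if spec.startswith("["):
        host, _, rest = spec[1:].partition("]")
        port = rest.lstrip(":")
    else:
        host, _, port = spec.rpartition(":")
    return host, int(port)


def is_network_exposed(host: str) -> bool:
    """True if a listener on this host accepts connections from other machines.

    0.0.0.0 and :: (the unspecified addresses) bind every interface; loopback
    addresses and 'localhost' are reachable only from the local host.
    """
    if host == "localhost":
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A hostname we cannot classify offline: assume it resolves to a
        # routable interface rather than silently treating it as safe.
        return True
    return addr.is_unspecified or not addr.is_loopback


def audit(deployment: Dict) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for one deployment."""
    findings: List[Tuple[str, str]] = []
    host, port = parse_bind(deployment["bind"])
    exposed = is_network_exposed(host)
    auth = deployment["auth_enabled"]

    if not is_fixed_version(deployment["version"]):
        findings.append(("HIGH", f"version {deployment['version']} is below 3.1.0; upgrade"))
    if exposed and not auth:
        findings.append(("CRITICAL", f"{host}:{port} is reachable from the network without authentication"))
    elif exposed:
        findings.append(("MEDIUM", f"{host}:{port} is network-exposed; confirm authentication is enforced and restrict reachability"))
    elif not auth:
        findings.append(("LOW", f"{host}:{port} is loopback-only without authentication; any local process can issue queries"))
    return findings


def severities(deployment: Dict) -> List[str]:
    """Just the severity labels, in the order audit() reports them."""
    return [sev for sev, _ in audit(deployment)]


if __name__ == "__main__":
    for dep in SAMPLE_DEPLOYMENTS:
        print(dep["name"])
        for sev, msg in audit(dep) or [("OK", "no findings")]:
            print(f"  [{sev}] {msg}")
```

The audit treats a patched, network-exposed listener as still worth a look: the fix adds authentication, but an MCP endpoint that can issue SQL and change table configuration on Pinot's behalf should also sit behind network restrictions, not only a credential check.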

Affected Version(s)

mcp-pinot < 3.1.0

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
