CVE-2026-35228

N/A

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server Helper Tool. Successful attacks of this vulnerability can result in Oracle MCP Server Helper Tool executing malicious SQL.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

N/A

Oracle MCP Server Helper Tool SQL注入漏洞

Oracle MCP Server Helper Tool是美国甲骨文（Oracle）公司的一个服务器辅助工具。 Oracle MCP Server Helper Tool 1.0.1版本至1.0.156版本存在SQL注入漏洞，该漏洞源于helper tool组件问题，可能导致未经身份验证的攻击者通过HTTP网络访问，执行恶意SQL。

N/A

N/A