CVE-2026-44969 in dbt-mcp정보

요약

\~에 의해 MITRE • 2026. 07. 16.

dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DbtMCP.call_tool() in src/dbt_mcp/mcp/server.py logged the raw arguments dictionary at INFO level before each tool call and at ERROR level on exceptions, and configure_file_logging() wrote those records to dbt-mcp.log when DBT_MCP_SERVER_FILE_LOGGING=true, preserving sensitive sql_query, vars, and node_selection values in plaintext without automatic rotation or deletion. This issue is fixed in version 1.17.1.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

책임이 있는

GitHub M

예약하다

2026. 05. 08.

모더레이션

수락

항목

VDB-379604

EPSS

0.00000

활동

낮음

출처

Want to stay up to date on a daily basis?

Enable the mail alert feature now!