CVE-2026-35228

High

Published: 05 May 2026

Published

05 May 2026

Modified

05 May 2026

KEV Added

—

Patch

—

CVSS Score 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS Score 0.0008 22.6th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Description

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP…

Server Helper Tool. Successful attacks of this vulnerability can result in Oracle MCP Server Helper Tool executing malicious SQL.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Remediating the specific flaw in Oracle MCP Server Helper Tool versions 1.0.1-1.0.156 directly prevents exploitation of CVE-2026-35228.

SI-10 Information Input Validation good match

prevent

Validating HTTP inputs to the helper tool prevents the execution of malicious SQL by unauthenticated attackers.

SC-7 Boundary Protection partial match

prevent

Monitoring and controlling network communications at boundaries limits unauthenticated HTTP access to the vulnerable helper tool component.

Security SummaryAI

CVE-2026-35228 is a vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects, specifically affecting the helper tool component. The supported versions impacted are 1.0.1 through 1.0.156. This is an SQL injection issue (CWE-89), published on 2026-05-05, with a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N).

An easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the Oracle MCP Server Helper Tool. Exploitation requires low privileges and user interaction but has low attack complexity over the network. Successful attacks result in the tool executing malicious SQL, enabling high impacts to confidentiality and integrity with a changed scope.

Mitigation details are available in the Oracle security advisory at https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html.

Details

CWE(s): CWE-89

AI Security AnalysisAI

AI Category: AI Agent Protocols and Integrations
Risk Domain: Protocol-Specific Risks
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Matched keywords: mcp, mcp, mcp

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

SQL injection in a network-accessible HTTP helper tool directly enables T1190 (Exploit Public-Facing Application) for initial compromise and data access/manipulation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html
secalert_us@oracle.com