The Wire
Vibe Coding

Akamai Finds Three Database-MCP Flaw Classes — One Left Unpatched by Alibaba

Akamaimedium signal

Akamai disclosed three back-end vulnerabilities in database MCP servers: SQL injection in the Apache Doris MCP server, an unauthenticated metadata-exfiltration flaw in Alibaba's RDS MCP, and a potential takeover in Apache Pinot's MCP. Alibaba declined to patch the RDS issue, per Akamai analyst Tomer Peled. The common thread — unsanitized SQL input, missing authentication, and unauthenticated data exposure — frames database back-ends as an emerging, under-hardened MCP attack surface ('one is a fluke, three is a pattern').

Follow the thread

Akamai Finds Three Database-MCP Flaw Classes — One Left Unpatched by Alibaba | MindPattern