Security2026-06-09 · source-backed
Akamai found three database-MCP flaw classes, and Alibaba declined to patch one.
Story
Akamai disclosed SQL injection in the Apache Doris MCP server, an unauthenticated metadata-exfiltration flaw in Alibaba's RDS MCP, and a potential takeover in Apache Pinot's MCP. The failure modes are boring and that's the point. Unsanitized SQL input, missing authentication, unauthenticated data exposure. Classic web-app bugs shipping in MCP servers because nobody treated the MCP layer as a real network boundary. "One is a fluke, three is a pattern." If you expose a database through MCP, parameterize every query, require auth on every endpoint, and run it through the same review you'd give any public API.
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Shared topic / Earlier coverage
MCP server sprawl is now the dominant agent supply-chain risk: 12,520 exposed services, ~40% with no auth.
Both cover Akamai, Apache Doris MCP, MCP, SQL; overlapping topics (akamai, alibaba, apache, auth, server); earlier Akamai coverage from 2026-06-05.
Three Critical MCP Database Server Flaws Found. Alibaba Won't Patch.
Both cover Alibaba, Apache Pinot, MCP, SQL; overlapping topics (alibaba, apache, database, flaw, server); earlier Alibaba coverage from 2026-05-25.
Shared entities / Shared topic / What happened next
The MCP supply chain has a hole in the floor, and it's being exploited right now
Both cover Akamai, MCP; overlapping topics (auth, flaw, server); picks up the Akamai thread on 2026-06-17.
mcp-pinot exposes SQL tools with no login required
Both cover MCP, SQL; overlapping topics (auth, server); picks up the MCP thread on 2026-07-01.
Shared entity: MCP / Shared topic / Earlier coverage / Tension
MCP Servers Are The New Shadow IT: 30 CVEs in 60 Days, 82% Vulnerable to Path Traversal, 38% Have Zero Auth
Both cover MCP; overlapping topics (auth, authentication, server); earlier MCP coverage from 2026-03-23.
Shared entity: MCP / Shared topic / Earlier coverage
MCP's attack surface keeps widening: 1,467 exposed servers, 67 CVEs from one automated sweep.
Both cover MCP; overlapping topics (auth, flaw, server, unauthenticated); earlier MCP coverage from 2026-06-08.
Shared entity: SQL / Shared topic / What happened next / Tension
Simon Willison's Datasette Apps: Claude Artifacts backed by a real database.
Both cover SQL; overlapping topics (data, database); picks up the SQL thread on 2026-06-19.
Shared entity: MCP / Shared topic / What happened next / Tension
CircleCI ships an MCP server wiring pipeline data into coding agents.
Both cover MCP; overlapping topics (data, server); picks up the MCP thread on 2026-06-17.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — June 9, 2026
- AI generated
- no
- Story unit
- 2026-06-09-akamai-found-three-database-mcp-flaw-classes-and-alibaba-declined-to-patch-one
- Labels
- source-backed, canonical briefing excerpt