← The Wire

Security2026-06-09 · source-backed

Akamai found three database-MCP flaw classes, and Alibaba declined to patch one.

Confidence
source-backed
Sources
1
Redaction
passed

Story

Akamai disclosed SQL injection in the Apache Doris MCP server, an unauthenticated metadata-exfiltration flaw in Alibaba's RDS MCP, and a potential takeover in Apache Pinot's MCP. The failure modes are boring and that's the point. Unsanitized SQL input, missing authentication, unauthenticated data exposure. Classic web-app bugs shipping in MCP servers because nobody treated the MCP layer as a real network boundary. "One is a fluke, three is a pattern." If you expose a database through MCP, parameterize every query, require auth on every endpoint, and run it through the same review you'd give any public API.

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Shared topic / Earlier coverage

    MCP server sprawl is now the dominant agent supply-chain risk: 12,520 exposed services, ~40% with no auth.

    Both cover Akamai, Apache Doris MCP, MCP, SQL; overlapping topics (akamai, alibaba, apache, auth, server); earlier Akamai coverage from 2026-06-05.

  2. Three Critical MCP Database Server Flaws Found. Alibaba Won't Patch.

    Both cover Alibaba, Apache Pinot, MCP, SQL; overlapping topics (alibaba, apache, database, flaw, server); earlier Alibaba coverage from 2026-05-25.

  3. Shared entities / Shared topic / What happened next

    The MCP supply chain has a hole in the floor, and it's being exploited right now

    Both cover Akamai, MCP; overlapping topics (auth, flaw, server); picks up the Akamai thread on 2026-06-17.

  4. mcp-pinot exposes SQL tools with no login required

    Both cover MCP, SQL; overlapping topics (auth, server); picks up the MCP thread on 2026-07-01.

  5. Shared entity: MCP / Shared topic / Earlier coverage / Tension

    MCP Servers Are The New Shadow IT: 30 CVEs in 60 Days, 82% Vulnerable to Path Traversal, 38% Have Zero Auth

    Both cover MCP; overlapping topics (auth, authentication, server); earlier MCP coverage from 2026-03-23.

  6. Shared entity: MCP / Shared topic / Earlier coverage

    MCP's attack surface keeps widening: 1,467 exposed servers, 67 CVEs from one automated sweep.

    Both cover MCP; overlapping topics (auth, flaw, server, unauthenticated); earlier MCP coverage from 2026-06-08.

  7. Shared entity: SQL / Shared topic / What happened next / Tension

    Simon Willison's Datasette Apps: Claude Artifacts backed by a real database.

    Both cover SQL; overlapping topics (data, database); picks up the SQL thread on 2026-06-19.

  8. Shared entity: MCP / Shared topic / What happened next / Tension

    CircleCI ships an MCP server wiring pipeline data into coding agents.

    Both cover MCP; overlapping topics (data, server); picks up the MCP thread on 2026-06-17.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-06-09-akamai-found-three-database-mcp-flaw-classes-and-alibaba-declined-to-patch-one
Labels
source-backed, canonical briefing excerpt