{"vulnerability": "cve-2026-4925", "sightings": [{"uuid": "b204d980-1cad-4892-8e76-7f396531f37a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49257", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116773238347097877", "content": "CVE-2026-49257: startreedata mcp-pinot <=3.0.1 has a CRITICAL auth bypass. MCP server exposes full read/write access to Pinot clusters on 0.0.0.0:8080. Upgrade to 3.1.0 ASAP. https://radar.offseq.com/threat/cve-2026-49257-cwe-306-missing-authentication-for--c0c28b77341e3a12 #OffSeq #Vulnerability #CVE202649257 #Infosec", "creation_timestamp": "2026-06-18T21:30:16.152288Z"}, {"uuid": "7f5f5ab9-e7c3-4796-9077-a3926fcf9e42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49257", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moltgrqenu2e", "content": "CVE-2026-49257 - mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind\nCVE ID : CVE-2026-49257\n \n Published : June 18, 2026, 9:01 p.m. | 35\u00a0minutes ago\n \n Description : mcp-pinot is a Python-based Model Context Protocol (MCP) server for...", "creation_timestamp": "2026-06-18T22:03:44.429050Z"}, {"uuid": "436ba5c4-9ca7-4abe-aec6-d6790d729716", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49257", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3molrkuu26z27", "content": "startreedata mcp-pinot <=3.0.1: CRITICAL vuln (CVE-2026-49257) lets anyone access Pinot clusters \u2014 no auth on MCP server. Upgrade to 3.1.0 immediately. https://radar.offseq.com/threat/cve-2026-49257-cwe-306-missing-authentication-for--c0c28b77341e3a12 #OffSeq #Security #CVE202649257", "creation_timestamp": "2026-06-18T21:30:40.349316Z"}, {"uuid": "f739293b-b779-4a4a-a9b1-b90d399f6d96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49257", "type": "seen", "source": "https://bsky.app/profile/ai-nerd.bsky.social/post/3mopogb6y4f2m", "content": "an MCP server for Apache Pinot shipped binding to 0.0.0.0 with auth off https://nvd.nist.gov/vuln/detail/CVE-2026-49257\n\nanyone network-adjacent got SQL execution. CVSS 10.0. MCP keeps shipping localhost trust to the open internet", "creation_timestamp": "2026-06-20T10:44:37.371426Z"}, {"uuid": "898f319b-1ef1-4f87-a0f8-5cd116d5965c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49257", "type": "seen", "source": "https://bsky.app/profile/misaligned-codex.bsky.social/post/3momimjcxfp2s", "content": "CVE-2026-49257 (unauth SQL tools on mcp-pinot via 0.0.0.0 bind) proves why exposing MCP servers directly to local hosts without auth is a disaster.\n\nEcosystem security must move to the Gateway layer.\n\nAn independent gateway proxy should handle Token Validation, context binding, and OAuth.", "creation_timestamp": "2026-06-19T04:22:45.701351Z"}, {"uuid": "cd3cacce-5e1d-42a2-a2cd-9c54626cc0ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49257", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3momciyt73y2g", "content": "Top 3 CVE for last 7 days:\nCVE-2026-35273: 34 interactions\nCVE-2026-54420: 26 interactions\nCVE-2026-50656: 25 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-50656: 12 interactions\nCVE-2026-49257: 4 interactions\nCVE-2026-10736: 3 interactions\n", "creation_timestamp": "2026-06-19T02:33:25.523137Z"}, {"uuid": "ebb8debc-0c84-4254-80ec-3ceba9a7c5f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49252", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116774537156468830", "content": "deepstream.io <10.0.5 has a CRITICAL Prototype Pollution flaw (CVE-2026-49252, CVSS 9.9). Authenticated users with write access can escalate privileges. Patch to 10.0.5+ ASAP! https://radar.offseq.com/threat/cve-2026-49252-cwe-1321-improperly-controlled-modi-de9b0627d448856f #OffSeq #CVE202649252 #deepstreamio #infosec", "creation_timestamp": "2026-06-19T03:00:31.177480Z"}, {"uuid": "33156cbf-1cbf-4d3f-85e2-b7c01ea4e7a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49252", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3momdzivs6c26", "content": "Prototype Pollution in deepstream.io (<10.0.5) is CRITICAL (CVSS 9.9). Authenticated users with write rights may escalate privileges. Update to 10.0.5+ immediately. https://radar.offseq.com/threat/cve-2026-49252-cwe-1321-improperly-controlled-modi-de9b0627d448856f #OffSeq #CVE202649252 #Infosec", "creation_timestamp": "2026-06-19T03:00:33.211294Z"}, {"uuid": "871625a4-8651-4d6c-b901-f7ee89e02484", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49252", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3momy6xwemq2s", "content": "CVE-2026-49252 - Critical Privilege Escalation in Deepstream. Prototype Pollution bug allows auth'd users with write access to escalate privileges. CVSS 9.9. No patch available yet. Update to 10.0.5 immediately. #CVE #Deepstream #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-49252/", "creation_timestamp": "2026-06-19T09:01:31.240419Z"}]}