Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Hyperterse: Database Queries Leaked in Search Tool
CVE-2026-31841
GHSA-92gp-jfgx-9qpv
GHSA-92gp-jfgx-9qpv
Summary
Hyperterse's search tool exposed sensitive database queries to users. This made it possible for unauthorized parties to see and potentially misuse these queries. Hyperterse has fixed this issue in version 2.2.0, so users should update to this version or later to prevent exposure.
What to do
- Update hyperterse to version 2.2.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | hyperterse | > 2.0.0 , <= 2.2.0 | 2.2.0 |
Original title
Hyperterse: Raw exposure of database statements in MCP search tool
Original description
Hyperterse allows users to specify database queries for tools to execute under the hood. As of [v2.0.0](https://github.com/hyperterse/hyperterse/releases/tag/v2.0.0), there are only two tools exposed - `search` and `execute`.
The `search` tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were supposed to be executed under the hood, and protected from being displayed publicly.
This issue has been fixed as of [v2.2.0](https://github.com/hyperterse/hyperterse/releases/tag/v2.2.0) and relevant tests to catch these have been added.
The `search` tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were supposed to be executed under the hood, and protected from being displayed publicly.
This issue has been fixed as of [v2.2.0](https://github.com/hyperterse/hyperterse/releases/tag/v2.2.0) and relevant tests to catch these have been added.
nvd CVSS3.1
6.5
Vulnerability type
CWE-433
Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026