Vulnerability Details CVE-2026-33060
CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools, including ckan_package_search and sparql_query, that accept a base_url parameter and make HTTP requests to whatever endpoint it names, without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network services, yet there is no URL validation on the base_url parameter: no blocking of private IP ranges (RFC 1918, link-local 169.254.x.x) and no blocking of cloud metadata endpoints. The sparql_query and ckan_datastore_search_sql tools also accept arbitrary base URLs and expose injection surfaces. Exploitation can lead to internal network scanning, cloud metadata theft (IAM credentials via IMDS at 169.254.169.254), and potential SQL/SPARQL injection via unsanitized query parameters. The attack requires prompt injection to control the base_url parameter. This issue has been fixed in version 0.4.85.
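The missing control described above is a base_url validator that refuses non-public targets before any request is made. The following is an added illustration of such a check, not code from CKAN MCP Server or its fix; the function names and the injectable resolver hook are assumptions made so the check can be exercised offline.

```python
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]  # assumed hook so the check can run offline

def system_resolver(host: str) -> list[str]:
    """Every A/AAAA answer the system resolver gives for host (touches the network)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def is_public(ip) -> bool:
    # Judge IPv4-mapped IPv6 (::ffff:10.0.0.1) by its embedded IPv4 address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for RFC 1918, loopback, link-local 169.254.0.0/16 (which
    # contains the IMDS address 169.254.169.254), CGNAT, ULA and other reserved ranges.
    return ip.is_global

def validate_base_url(url: str, resolver: Resolver = system_resolver) -> list[str]:
    """Return the public addresses url resolves to, or raise ValueError. Connect to
    these addresses (keeping the original Host header) rather than re-resolving,
    so a changed DNS answer cannot bypass the check (DNS rebinding)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in base_url are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("base_url has no host")
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP: nothing to resolve
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError) as exc:
            raise ValueError(f"cannot resolve {host!r}: {exc}") from exc
    # One internal answer (or no answer at all) is enough to refuse the target.
    if not addrs or not all(is_public(a) for a in addrs):
        raise ValueError(f"{host!r} does not resolve only to public addresses: {addrs}")
    return [str(a) for a in addrs]

def is_allowed_base_url(url: str, resolver: Resolver = system_resolver) -> bool:
    """Accept/reject form of validate_base_url for simple gating."""
    try:
        validate_base_url(url, resolver)
        return True
    except ValueError:
        return False
```

A tool server would call validate_base_url once per request and pin the connection to the returned addresses; an allowlist of known portal hostnames on top of this check is stricter still and is the better default for an MCP tool whose base_url may be influenced by prompt content.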
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.3%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2026-33060
- cpe:2.3:a:ondata:ckan_mcp_server:0.3.0
- cpe:2.3:a:ondata:ckan_mcp_server:0.3.1
- cpe:2.3:a:ondata:ckan_mcp_server:0.3.2
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.0
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.1
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.10
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.11
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.12
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.13
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.14
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.15
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.16
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.17
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.18
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.19
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.2
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.20
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.21
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.22
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.23
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.24
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.25
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.26
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.27
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.28
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.29
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.3
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.30
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.31
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.32
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.33
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.34
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.35
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.36
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.37
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.38
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.39
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.4
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.40
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.41
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.42
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.43
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.44
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.45
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.46
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.47
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.48
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.49
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.5
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.50
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.51
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.52
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.53
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.54
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.55
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.56
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.57
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.58
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.59
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.6
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.60
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.61
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.62
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.63
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.64
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.65
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.66
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.67
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.68
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.69
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.7
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.71
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.72
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.73
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.74
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.75
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.76
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.77
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.78
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.79
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.8
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.80
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.81
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.82
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.83
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.84
- cpe:2.3:a:ondata:ckan_mcp_server:0.4.9