A vulnerability was found in designcomputer mysql-mcp-server up to 0.2.2 . It has been rated as critical . The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI Handler . This manipulation of the argument uri_str causes sql injection. This vulnerability is registered as CVE-2026-11529 . Remote exploitation of the attack is possible. Furthermore, an exploit is available. Upgrading the affected component is advised.