A vulnerability marked as critical has been reported in sysown proxysql up to 3.0.8 . Affected is an unknown function of the file /mcp/query . This manipulation causes incomplete blacklist. This vulnerability is handled as CVE-2026-48774 . The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.