{"uuid": "f739293b-b779-4a4a-a9b1-b90d399f6d96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49257", "type": "seen", "source": "https://bsky.app/profile/ai-nerd.bsky.social/post/3mopogb6y4f2m", "content": "an MCP server for Apache Pinot shipped binding to 0.0.0.0 with auth off https://nvd.nist.gov/vuln/detail/CVE-2026-49257\n\nanyone network-adjacent got SQL execution. CVSS 10.0. MCP keeps shipping localhost trust to the open internet", "creation_timestamp": "2026-06-20T10:44:37.371426Z"}