Anonymous Intelligence Signal

Akamai Researcher Exposes Three MCP Server Flaws; Alibaba Refuses to Patch RDS Vulnerability

human · The Lab · unverified · 2026-05-13 22:18:22 · Source: The Register

A security researcher at Akamai has identified three high-severity vulnerabilities in Model Context Protocol (MCP) server implementations used by major database platforms, including one vendor—Alibaba—whose response was to decline patching entirely. The findings, scheduled for full presentation at the x33fcon security conference next month, expose significant attack surfaces in infrastructure serving AI agents and large language model applications.

The flaw the researcher rates most serious affects Apache Doris, where the MCP server lets an attacker cause SQL statements the tool was never meant to run to be executed against the connected database. Apache issued a patch and assigned a CVE identifier in response (the identifier is not given in the summary). A second vulnerability, in the MCP implementation for Alibaba RDS, allows unauthorized exfiltration of sensitive metadata from the cloud database service. The third, in Apache Pinot's MCP server, creates a potential remote code execution path against internet-facing instances; Apache has opened a public ticket in the MCP Pinot GitHub repository for that issue.
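The Doris finding belongs to a well-known bug class: an MCP tool accepts arguments chosen by the model (and so, indirectly, by whoever can influence the model's context) and splices them into SQL text. The following is an added illustration of that class and its fix, written for this page; it is not the Apache Doris MCP server's code, and the table names, the `ALLOWED_TABLES` set, the `UNION_PAYLOAD` string and the in-memory SQLite database are all constructed for the example.

```python
import sqlite3

# Tables the tool is meant to expose to the agent (an assumption for this example).
ALLOWED_TABLES = {"orders"}


def make_db():
    """Constructed sample database: one table the agent may read, one it must not."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE orders(id INTEGER PRIMARY KEY, customer TEXT, total REAL);
        CREATE TABLE api_keys(id INTEGER PRIMARY KEY, owner TEXT, secret TEXT);
        INSERT INTO orders VALUES (1, 'acme', 120.0), (2, 'globex', 80.5);
        INSERT INTO api_keys VALUES (1, 'svc', 'sk-constructed-secret');
        """
    )
    return conn


def unsafe_query(conn, table, customer):
    """Vulnerable tool handler: both arguments come from the model and are
    interpolated straight into the statement text, so a crafted value can
    append a statement the tool author never intended."""
    sql = f"SELECT customer, total FROM {table} WHERE customer = '{customer}'"
    return conn.execute(sql).fetchall()


def safe_query(conn, table, customer):
    """Hardened handler: the identifier is checked against an allowlist
    (identifiers cannot be bound as parameters), the value is bound as a
    parameter, and the connection is pinned read-only so a slip in
    validation still cannot write."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"table not exposed to the agent: {table!r}")
    conn.execute("PRAGMA query_only = 1")
    sql = f"SELECT customer, total FROM {table} WHERE customer = ?"
    return conn.execute(sql, (customer,)).fetchall()


def table_rejected(conn, table):
    """True if safe_query refuses the given identifier."""
    try:
        safe_query(conn, table, "acme")
    except ValueError:
        return True
    return False


def write_attempt_blocked(conn):
    """True if the connection refuses a write (after safe_query pinned it read-only)."""
    try:
        conn.execute("INSERT INTO orders VALUES (3, 'evil', 0)")
    except sqlite3.OperationalError:
        return True
    return False


# Payload an attacker could plant in content the agent reads (constructed).
# Comments out the closing quote and reads a table the tool never exposes.
UNION_PAYLOAD = "x' UNION SELECT owner, secret FROM api_keys --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", unsafe_query(db, "orders", UNION_PAYLOAD))
    print("hardened:  ", safe_query(db, "orders", UNION_PAYLOAD))
    print("writes blocked:", write_attempt_blocked(db))
```

The two controls that matter here are the allowlist for anything that cannot be parameterized (table and column names) and a database credential or session mode that is read-only regardless of what the handler does; the parameter binding alone would not stop the vulnerable handler's first argument from naming `api_keys` outright.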

Alibaba's refusal to remediate its RDS vulnerability raises immediate concerns for organizations using the service. Security analyst Tomer Peled, who authored the technical disclosure, noted that the decision leaves customers with an unpatched attack vector. MCP, the open-source protocol originally developed by Anthropic, is the bridge through which LLMs and AI agents interact with external data sources, systems, and applications, so a flaw in an MCP server is reachable by anything that can steer the agent's tool calls. The protocol's growing adoption across enterprise AI deployments amplifies the significance of these findings. Organizations using any of the affected MCP implementations should verify their current patch status and evaluate exposure, particularly for Pinot instances accessible from public networks; where no patch exists, as with the RDS server, the usual compensating controls apply: keep the MCP server off public networks and run it under a database credential with the least privilege the tools actually need.