Security Advisory - Published 2026-06-22 - MCP / System Library

Apache Doris MCP and libxml2: check query exposure and XML parser crashes

Apache Doris MCP Server risk sits at the database access boundary. libxml2 risk usually shows up inside apps, gateways, scanners, and import jobs that parse untrusted XML. Treat both as infrastructure issues: patch, preserve logs, then narrow exposure before returning the service to normal traffic.

Defensive scope: this page covers owned services only. It does not include SQL probes, crafted XML samples, or unauthorized scanning steps.

Affected systems

CVE            | Product                 | Affected / fixed        | Review                                                                           | CVSS
CVE-2025-66336 | Apache Doris MCP Server | fixed in 0.6.1          | Upgrade Apache Doris MCP Server to 0.6.1 or newer and review metadata query logs | 8.1
CVE-2026-6653  | libxml2                 | affected 2.9.11-2.11.0  | Patch libxml2 through OS packages and review services that parse untrusted XML   | 7.0

Owner self-check

# Apache Doris MCP Server: installed version, running processes, recent log lines
python -m pip show doris-mcp-server 2>/dev/null
ps aux | grep -i 'doris.*mcp' | grep -v grep
grep -Rni 'doris-mcp\|metadata\|query\|auth\|permission\|error' /var/log /opt /srv 2>/dev/null | tail -120
# libxml2: library path known to the loader, package version, parser crash traces
ldconfig -p 2>/dev/null | grep -i libxml2
dpkg -l 'libxml2*' 2>/dev/null || rpm -qa | grep -i '^libxml2'
grep -Rni 'xmlParseInternalSubset\|libxml2\|xml parser\|segfault\|core dumped' /var/log 2>/dev/null | tail -120
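The commands above print raw version strings; the following script is an added example (not part of the advisory) that classifies those strings against the advisory's fixed and affected versions. It reads the output of `python -m pip show doris-mcp-server` and `dpkg -l 'libxml2*'`; the sample output embedded in it is constructed, and the version constants are taken from the table above.

```python
"""Added example, not part of the advisory: classify the versions reported by
the self-check commands above against the advisory's fixed / affected versions.
Inputs are the text that `python -m pip show doris-mcp-server` and
`dpkg -l 'libxml2*'` print; the sample strings below are constructed."""
import re
import subprocess

DORIS_MCP_FIXED = (0, 6, 1)                   # fixed in 0.6.1 per the advisory
LIBXML2_AFFECTED = ((2, 9, 11), (2, 11, 0))   # inclusive range listed in the advisory

# Constructed sample output, shaped like the real commands' output.
SAMPLE_PIP_SHOW = "Name: doris-mcp-server\nVersion: 0.5.2\nSummary: Doris MCP server\n"
SAMPLE_DPKG = (
    "Desired=Unknown/Install/Remove/Purge/Hold\n"
    "ii  libxml2:amd64      2.9.14+dfsg-1.3~deb12u1  amd64  GNOME XML library\n"
    "ii  libxml2-dev:amd64  2.9.14+dfsg-1.3~deb12u1  amd64  Development files\n"
)


def parse_version(text):
    """Leading dotted numeric part of a version string as a tuple of ints.
    A distro suffix such as '+dfsg-1.3~deb12u1' is dropped (see the caveat below)."""
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def doris_mcp_status(pip_show_output):
    """'not-installed', 'vulnerable' (below 0.6.1) or 'patched' (0.6.1 or newer)."""
    for line in pip_show_output.splitlines():
        if line.lower().startswith("version:"):
            installed = parse_version(line.split(":", 1)[1])
            return "patched" if installed >= DORIS_MCP_FIXED else "vulnerable"
    return "not-installed"


def libxml2_status(dpkg_output):
    """Map each installed libxml2* package (dpkg 'ii' rows) to
    'in-affected-range' or 'outside-listed-range' using the upstream version."""
    lo, hi = LIBXML2_AFFECTED
    result = {}
    for line in dpkg_output.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "ii" and parts[1].startswith("libxml2"):
            upstream = parse_version(parts[2].split(":", 1)[-1])  # drop a Debian epoch like '2:'
            result[parts[1]] = "in-affected-range" if lo <= upstream <= hi else "outside-listed-range"
    return result


def run(cmd):
    """Run a self-check command and return its stdout, or '' if the tool is absent."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        return ""


if __name__ == "__main__":
    print("doris-mcp-server:", doris_mcp_status(run(["python3", "-m", "pip", "show", "doris-mcp-server"])))
    for pkg, state in libxml2_status(run(["dpkg", "-l", "libxml2*"])).items():
        print(f"{pkg}: {state}")
```

Caveat: distributions backport fixes without changing the upstream version number, so "in-affected-range" only means the upstream version falls in the listed range. Confirm the package's changelog or the vendor security tracker before treating a host as unpatched, and treat "outside-listed-range" as a reason to re-check the advisory rather than as proof of safety.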

What to review

  • Apache Doris MCP Server version and whether the MCP transport is reachable outside trusted networks.
  • Authentication state for MCP clients. Anonymous or shared access raises the priority of log review.
  • Doris audit logs for metadata queries outside the expected database, catalog, or service-account scope.
  • Applications that parse XML from uploads, feeds, SAML, SOAP, office documents, scanners, or partner integrations.
  • Recent crashes, worker restarts, segmentation faults, and XML parser errors around public import paths.
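The audit-log review in the list above can be scripted. The following is an added example, not from the advisory or from Apache Doris: it flags lines where the MCP service account ran a metadata query or touched a catalog or database outside its expected scope. The service account name, the allowed scope and the log lines are constructed; the `Key=value|Key=value` layout follows the general shape of Doris `fe.audit.log` entries, but the field names should be checked against the deployment's own log before relying on them.

```python
"""Added example, not from the advisory or from Apache Doris: review Doris
audit log lines for the MCP service account and flag metadata queries or
queries outside its expected catalog/database scope. The service account
name, allowed scope and log lines below are constructed; the 'Key=value|...'
layout follows the shape of Doris fe.audit.log entries, and the field names
should be checked against the deployment's own log before use."""
import re

MCP_USER = "mcp_reader"                                             # assumed service account
ALLOWED_SCOPE = {("internal", "sales"), ("internal", "analytics")}  # assumed (catalog, db) pairs
METADATA_RE = re.compile(r"\binformation_schema\b|\bshow\s+(databases|tables|catalogs)\b", re.I)
FIELD_RE = re.compile(r"(?:^|\|)(\w+)=(.*?)(?=\|\w+=|$)")

# Constructed log lines.
SAMPLE_AUDIT_LOG = [
    "2026-06-20 10:00:01,001 [query] |Client=10.0.0.12:41000|User=mcp_reader|Ctl=internal|Db=sales|State=EOF|Stmt=select count(*) from orders",
    "2026-06-20 10:00:02,002 [query] |Client=10.0.0.12:41000|User=mcp_reader|Ctl=internal|Db=sales|State=EOF|Stmt=select table_name from information_schema.tables",
    "2026-06-20 10:00:03,003 [query] |Client=198.51.100.7:52000|User=mcp_reader|Ctl=internal|Db=hr|State=EOF|Stmt=select * from salaries",
    "2026-06-20 10:00:04,004 [query] |Client=10.0.0.30:41010|User=etl|Ctl=internal|Db=hr|State=EOF|Stmt=select * from salaries",
]


def parse_audit_line(line):
    """Split 'Key=value|Key=value' fields into a dict. Stmt is the last field, so a
    '|' inside the SQL text is kept unless it is followed by something shaped like 'Key='."""
    return {k: v for k, v in FIELD_RE.findall(line)}


def review_audit(lines, user=MCP_USER, allowed=ALLOWED_SCOPE):
    """Return one finding per line where `user` ran a metadata query or
    touched a (catalog, db) outside `allowed`. Other users are ignored."""
    findings = []
    for line in lines:
        f = parse_audit_line(line)
        if f.get("User") != user:
            continue
        catalog = f.get("Ctl", "internal")
        db = f.get("Db", "").split(":")[-1]      # strip a 'default_cluster:' prefix if present
        stmt = f.get("Stmt", "")
        reasons = []
        if (catalog, db) not in allowed:
            reasons.append(f"scope {catalog}.{db} not allowed")
        if METADATA_RE.search(stmt):
            reasons.append("metadata query")
        if reasons:
            findings.append({"client": f.get("Client"), "catalog": catalog, "db": db,
                             "stmt": stmt, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in review_audit(SAMPLE_AUDIT_LOG):
        print(hit["client"], hit["catalog"] + "." + hit["db"], hit["reasons"], hit["stmt"])
```

Run it against the collected `fe.audit.log` with the real service-account name and scope substituted; a finding with a client address outside the MCP server's own network is the case that most raises the priority of the log review.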

Safe fix path

  1. Upgrade Apache Doris MCP Server to 0.6.1 or newer. Keep the MCP endpoint private unless there is a clear business need.
  2. Patch libxml2 through the operating system package channel and restart services that load the library.
  3. Restrict MCP network access, enforce authentication, and use least-privilege Doris credentials.
  4. Preserve MCP, Doris, application, reverse-proxy, and system crash logs before cleanup.
  5. Re-run application health checks after patching. Shared libraries can stay loaded until services restart.
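Step 5 is the one most often skipped: after the libxml2 package is replaced on disk, any process that loaded the old copy keeps using it until restarted. The following added example (not from the advisory) finds such processes on Linux by reading `/proc/<pid>/maps`, where the loader marks a replaced file as `(deleted)`. The maps excerpt embedded in it is constructed.

```python
"""Added example, not from the advisory: find processes that still have a
replaced libxml2 mapped after the package upgrade. The Linux loader keeps the
old file mapped until the process restarts, and /proc/<pid>/maps marks the
path '(deleted)'. The maps text below is constructed."""
import os

# Constructed /proc/<pid>/maps excerpt: two mappings of the old library plus unrelated rows.
SAMPLE_MAPS = (
    "7f1a2c000000-7f1a2c1a0000 r-xp 00000000 fd:01 131074  /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.14 (deleted)\n"
    "7f1a2c1a0000-7f1a2c3a0000 r--p 001a0000 fd:01 131074  /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.14 (deleted)\n"
    "7f1a2c400000-7f1a2c500000 r-xp 00000000 fd:01 131090  /usr/lib/x86_64-linux-gnu/libc.so.6\n"
    "7ffd1e000000-7ffd1e021000 rw-p 00000000 00:00 0       [stack]\n"
)


def stale_libxml2_mappings(maps_text):
    """Distinct libxml2 paths in one process's maps text that are marked '(deleted)',
    i.e. the file on disk was replaced by the upgrade but the old copy is still loaded."""
    stale = set()
    for line in maps_text.splitlines():
        parts = line.split(None, 5)       # address perms offset dev inode [path]
        if len(parts) < 6:
            continue                       # anonymous mapping, no path
        path = parts[5]
        if "libxml2" in path and path.endswith("(deleted)"):
            stale.add(path)
    return sorted(stale)


def scan_processes(proc_root="/proc"):
    """{pid: [stale paths]} for every readable process still holding a replaced libxml2."""
    hits = {}
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, pid, "maps")) as fh:
                stale = stale_libxml2_mappings(fh.read())
        except OSError:
            continue                       # process exited, or maps not readable without privilege
        if stale:
            hits[int(pid)] = stale
    return hits


if __name__ == "__main__":
    for pid, paths in sorted(scan_processes().items()):
        print(pid, paths)                  # restart these services to complete the libxml2 fix
```

Run it as root so that every process's maps file is readable; an empty result after the restarts is the confirmation that the health checks in step 5 are exercising the patched library.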

Repair help

Use Ping7 CVE Repair when a Doris MCP endpoint was public, metadata queries look unusual, XML parser crashes match the advisory window, or several services need coordinated patching and restart validation.

References