Security researchers discovered critical vulnerabilities in three widely used Model Context Protocol (MCP) servers—Apache Doris, Apache Pinot, and Alibaba RDS—stemming from insufficient back-end security validation. These flaws include SQL injection (CVE-2025-66335), missing authentication, and unauthenticated data exposure, allowing attackers to execute arbitrary commands or exfiltrate sensitive database metadata.