corebasehq/coremcp

v0.4.9 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 8d MCP Data & Storage

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

database-bridge go legacy-systems llm-ops mcp mcp-server

+1 more

mssql

Affected surfaces

rce_ssrf

ReleasePort's take

Moderate signal

editorial:auto 8d

The release swaps the AST-based validator for a T‑SQL aware lexer to enhance security.

Why it matters: Security improvements affect the lexer and validation pipeline; severity rated 90.

Summary

AI summary

Security fix: T‑SQL aware lexer replaces AST‑based validator.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Replaces AST-based validator with T‑SQL aware lexer for security improvements. Replaces AST-based validator with T‑SQL aware lexer for security improvements. Source: llm_adapter@2026-05-26 Confidence: high	—

Changelog

Changes in v0.4.9

security: T-SQL aware lexer replaces AST-based validator (v0.4.9) (41291ff)

Security Fixes

Security: T‑SQL aware lexer replaces AST‑based validator.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track corebasehq/coremcp

Get notified when new releases ship.

About corebasehq/coremcp

A secure, tunnel-native database bridge for AI agents. Connects localhost & on-premise databases (MSSQL, etc.) to LLMs with AST-based query safety and PII masking.

All releases →