Package impact
PIP / dbt-mcp
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44968 | medium | — | 5.5 | 14d ago | dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters | |||
| CVE-2026-44970 | low | — | 2.5 | 14d ago | dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction | |||
| CVE-2026-44969 | low | — | 2.5 | 14d ago | dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled |