| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2026-44968 |
medium |
— |
5.5 |
14d ago |
dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters |
|
| CVE-2026-44970 |
low |
— |
2.5 |
14d ago |
dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction |
|
| CVE-2026-44969 |
low |
— |
2.5 |
14d ago |
dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled |
|