Supabase MCP can leak an entire SQL Database, a lethal trifecta attack


Here's yet another example of a lethal trifecta attack, where an LLM system combines access to private data, exposure to potentially malicious instructions and a mechanism to communicate data back …

The Cursor assistant operates the Supabase database with elevated access via the service_role, which bypasses all row-level security (RLS) protections. Most lethal trifecta MCP attacks rely on users combining multiple MCPs in a way that exposes the three capabilities at the same time. If you configure the Supabase MCP as read-only, you remove one leg of the trifecta: the ability to communicate data to the attacker, in this case through database writes.
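
One way to check the read-only mitigation in practice, as an added example that is not from the original article or from Supabase: a small audit of a Cursor-style MCP config that flags Supabase MCP entries launched without the read-only flag. The `mcpServers` JSON layout, the package name `@supabase/mcp-server-supabase` and the `--read-only` flag are assumptions not stated on this page, and the sample config is constructed.

```python
import json
import shlex

# Constructed sample in the Cursor-style MCP config layout (assumed);
# project refs are placeholders, server names are made up.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "supabase-prod": {
      "command": "npx",
      "args": ["-y", "@supabase/mcp-server-supabase@latest",
               "--project-ref=<project-ref>"]
    },
    "supabase-dev": {
      "command": "npx",
      "args": ["-y", "@supabase/mcp-server-supabase@latest",
               "--read-only", "--project-ref=<project-ref>"]
    },
    "docs": {"command": "npx", "args": ["-y", "example-docs-mcp"]}
  }
}
"""

SUPABASE_PKG = "@supabase/mcp-server-supabase"  # assumed package name
READ_ONLY_FLAG = "--read-only"                  # assumed CLI flag


def audit_mcp_config(text):
    """Return (server_name, finding) for Supabase MCP entries that can write."""
    servers = json.loads(text).get("mcpServers", {})
    findings = []
    for name, entry in sorted(servers.items()):
        # "command" may hold a whole command line, so split it like a shell would.
        argv = shlex.split(entry.get("command", "")) + list(entry.get("args", []))
        if not any(SUPABASE_PKG in arg for arg in argv):
            continue  # not a Supabase MCP server, out of scope for this check
        if READ_ONLY_FLAG not in argv:
            findings.append(
                (name, "write-capable: database writes remain as an exfiltration leg"))
    return findings


if __name__ == "__main__":
    for server, finding in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{server}: {finding}")
```

A clean result only means the write leg is closed for that server; the assistant still holds private data access and still reads untrusted content.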
