Is Mcp Mssql Server safe to use?

Mcp Mssql Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Mcp Mssql Server?

Mcp Mssql Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Mcp Mssql Server do?

Mcp Mssql Server provides 13 tools: query_database, list_tables, describe_table, exec_sp, benchmark_query and 8 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Mcp Mssql Server?

Mcp Mssql Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.

Is Mcp Mssql Server actively maintained?

Mcp Mssql Server is recently maintained — last commit was 60 days ago. It has 1 GitHub stars.

Mcp Mssql Server

Name: Mcp Mssql Server
Author: syamil09

@anthropic-ai/claude-code · by syamil09

1 8.4M/wk 13 tools GitHub npm

No known CVEs

No license

Maintained

Last commit 60d ago

Works with most clients

Transport: stdio, http

13 tools · ~1.0k tok

Grade B · 0.5% of 200K ctx

Edit this pageView history

Data

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mssql": {
      "cwd": "C:/path/to/mcp-mssql-server",
      "env": {
        "MSSQL_CONNECTION_STRING": "sqlserver://user:password@host:1433?database=mydb&encrypt=disable"
      },
      "args": [
        "run",
        "."
      ],
      "command": "go"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-mssql-server)](https://mcppedia.org/s/mcp-mssql-server)

Read me

What Mcp Mssql Server does

A read-only MCP (Model Context Protocol) server that connects AI agents like Claude Code to Microsoft SQL Server databases — including SSIS ETL package analysis. Single Go binary, zero dependencies, defense-in-depth security.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@anthropic-ai/claude-code' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

78/100across 5 weighted dimensions

How we score →

0255075100

−22

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

25 fixed

CVE-2026-40068medium · fixedCVSS 4

Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution

Claude Code used the git worktree `commondir` file when determining folder trust but did not validate its contents. By crafting a repository with a `commondir` file pointing to a path the victim had previously trusted, an attacker could bypass the trust dialog and immediately execute malicious hooks defined in `.claude/settings.json`. Exploiting this required the victim to clone a malicious repository and run Claude Code within it, and for the attacker to know or guess a path the victim had alre

Affected: >= 2.1.63Fixed in 2.1.84source →

CVE-2026-39861low · fixedCVSS 3.1

Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace

Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the symlink and wrote to the target location outside the workspace without prompting the user for confirmation. This allowed a sandbox escape where neither the sandboxed command nor the unsandboxed app could independently write outside the workspace, but their combination

Affected: >= 0Fixed in 2.1.64source →

CVE-2026-35603low · fixedCVSS 3.1

Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows

On Windows, Claude Code loaded system-wide default configuration from `C:\ProgramData\ClaudeCode\managed-settings.json` without validating directory ownership or access permissions. Because the `ProgramData` directory is writable by non-administrative users by default and the `ClaudeCode` subdirectory was not pre-created or access-restricted, a low-privileged local user could create this directory and place a malicious configuration file that would be automatically loaded for any user launching

Affected: >= 0Fixed in 2.1.75source →

CVE-2026-33068medium · fixedCVSS 4

Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File

Claude Code resolved the permission mode from settings files, including the repo-controlled `.claude/settings.json`, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set `permissions.defaultMode` to `bypassPermissions` in its committed `.claude/settings.json`, causing the trust dialog to be silently skipped on first open. This allowed a user to be placed into a permissive mode without seeing the trust confirmation prompt, making it easie

Affected: >= 0Fixed in 2.1.53source →

CVE-2026-25725medium · fixedCVSS 4

Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json

Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints, settings.json was not protected if it was missing. This allowed malicious code running inside the sandbox to create this file and inject persistent hooks (such as SessionStart commands) that would execute with ho

Affected: >= 0Fixed in 2.1.2source →

Inventory

Tools (13)

Click any tool to inspect its schema.

~1.0k tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Mssql Server safe to use?: Mcp Mssql Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Mcp Mssql Server?: Mcp Mssql Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Mcp Mssql Server do?: Mcp Mssql Server provides 13 tools: query_database, list_tables, describe_table, exec_sp, benchmark_query and 8 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp Mssql Server?: Mcp Mssql Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Mcp Mssql Server actively maintained?: Mcp Mssql Server is recently maintained — last commit was 60 days ago. It has 1 GitHub stars.

Similar servers

Others in data

View all →

PostgreSQL MCP Server98

Query and manage PostgreSQL databases directly from AI assistants

86.4k 1

Firecrawl Mcp Server95

🔥 Official Firecrawl MCP Server - Adds powerful web scraping and search to Cursor, Claude and any other LLM clients.

6.4k 4

Supabase MCP Server95

Manage Supabase projects — databases, auth, storage, and edge functions

2.7k 4

Alpha Vantage Mcp95

Real-time financial market data: stocks, forex, crypto, commodities, and economic indicators

158 3

MCP Security Weekly

Get CVE alerts and security updates for Mcp Mssql Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Data

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mssql": {
      "cwd": "C:/path/to/mcp-mssql-server",
      "env": {
        "MSSQL_CONNECTION_STRING": "sqlserver://user:password@host:1433?database=mydb&encrypt=disable"
      },
      "args": [
        "run",
        "."
      ],
      "command": "go"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-mssql-server)](https://mcppedia.org/s/mcp-mssql-server)

Read me

What Mcp Mssql Server does

A read-only MCP (Model Context Protocol) server that connects AI agents like Claude Code to Microsoft SQL Server databases — including SSIS ETL package analysis. Single Go binary, zero dependencies, defense-in-depth security.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@anthropic-ai/claude-code' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

mcp-mssql

A read-only MCP (Model Context Protocol) server that connects AI agents like Claude Code to Microsoft SQL Server databases — including SSIS ETL package analysis. Single Go binary, zero dependencies, defense-in-depth security.

Architecture

Claude AI (cloud) <-- HTTPS --> Claude Code (local) <-- stdio --> mcp-mssql (local) <-- TCP 1433 --> SQL Server
                                                                       |
                                                                       +-- File I/O --> .dtsx packages (SSIS)

SQL Server is never exposed to the internet. All database traffic stays local. SSIS tools parse .dtsx files directly from a configured path.

Features

Read-only enforcement -- only SELECT and WITH (CTE) queries allowed
Dangerous keyword blocking -- INSERT, UPDATE, DELETE, DROP, ALTER, CREATE, TRUNCATE, EXEC, EXECUTE, XP_CMDSHELL, OPENROWSET, BULK INSERT, MERGE, and semicolons are blocked using word-boundary regex matching
Table blocklist -- explicitly block sensitive tables via config; blocked tables are hidden from list_tables and describe_table
Column masking -- sensitive columns (e.g., password, salary, credit_card) are automatically stripped from query results
Auto row limiting -- TOP N injected into queries missing a row limit (default: 100, configurable)
Audit logging -- every query logged with [AUDIT] tag (status, row count, query text); every table access logged with [ACCESS] tag
Per-project config -- one binary, different .mcp-mssql-config.json per project
Parameterized queries -- describe_table uses @p1 parameters to prevent SQL injection
Single binary -- no runtime dependencies; share the .exe with your team, no Go installation required
Stored procedure execution -- safely execute read-only SPs with definition inspection
Query benchmarking -- compare execution time and row counts between queries
SSIS package analysis -- parse .dtsx files for control flow, data flow, table references, and column mappings
SSISDB catalog integration -- list deployed packages and execution history from the server
TOON output format -- optional token-optimized output that reduces token usage by 30-60%

MCP Tools

Database Tools

Tool	Description	Parameters
`query_database`	Execute a SELECT query. Auto-limited, validated, column-masked.	`sql` (required)
`list_tables`	List all queryable tables. Blocked tables excluded.	none
`describe_table`	Get column names, data types, nullability. Parameterized.	`table_name` (required)
`exec_sp`	Execute a read-only stored procedure. SP definition inspected first.	`procedure` (required), `params`
`benchmark_query`	Compare query performance (time + row count, no data returned).	`query1` (required), `query2`

SSIS Tools (File-based)

Parse .dtsx files from the configured project_ssis_path.

Tool	Description	Parameters
`ssis_list_packages`	List all `.dtsx` packages in the configured path.	none
`ssis_control_flow`	Extract task sequence, types, and embedded SQL from a package.	`package_name` (required)
`ssis_data_flow`	Extract data flow components, table names, SQL queries, column mappings.	`package_name` (required)
`ssis_impact_check`	Scan ALL packages for references to a table or column. Use before schema changes.	`table_name` (required), `column_name`
`ssis_table_refs`	List all tables a single package reads from or writes to.	`package_name` (required)
`ssis_schema_validate`	Cross-reference a package against the live DB schema. Reports missing tables/columns.	`package_name` (required)

SSIS Tools (Database-backed)

Query the SSISDB catalog for deployed packages and execution history.

| Tool | Description | Parameters |

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

78/100across 5 weighted dimensions

How we score →

0255075100

−22

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

25 fixed

CVE-2026-40068medium · fixedCVSS 4

Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution

Affected: >= 2.1.63Fixed in 2.1.84source →

CVE-2026-39861low · fixedCVSS 3.1

Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace

Affected: >= 0Fixed in 2.1.64source →

CVE-2026-35603low · fixedCVSS 3.1

Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows

Affected: >= 0Fixed in 2.1.75source →

CVE-2026-33068medium · fixedCVSS 4

Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File

Affected: >= 0Fixed in 2.1.53source →

CVE-2026-25725medium · fixedCVSS 4

Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json

Affected: >= 0Fixed in 2.1.2source →

Inventory

Tools (13)

Click any tool to inspect its schema.

~1.0k tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Mssql Server safe to use?: Mcp Mssql Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Mcp Mssql Server?: Mcp Mssql Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Mcp Mssql Server do?: Mcp Mssql Server provides 13 tools: query_database, list_tables, describe_table, exec_sp, benchmark_query and 8 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp Mssql Server?: Mcp Mssql Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Mcp Mssql Server actively maintained?: Mcp Mssql Server is recently maintained — last commit was 60 days ago. It has 1 GitHub stars.