mssql-mcp-server
by sugiruu
Overview
Provides a simple MCP server with tools to execute queries and retrieve metadata from an MSSQL database.
Installation
python mssql_mcp_server.pyEnvironment Variables
- MSSQL_SERVER
- MSSQL_USER
- MSSQL_PASSWORD
Security Notes
The `run_query` tool directly executes the provided `sql` string using `cur.execute(sql)` without any parameterization or sanitization. This is a critical SQL injection vulnerability, allowing an attacker to execute arbitrary SQL commands on the connected database if they can send requests to the MCP server. Although database credentials are read from environment variables or a .env file (a standard and generally acceptable practice for configuration), the direct SQL execution poses a severe risk.
Similar Servers
jewei-mssql-mcp-server
Provides a Micro-Agent Protocol (MCP) server for querying Microsoft SQL Server databases and retrieving table structures.
MsSqlMCP
Provides an MCP Server for SQL Server database schema inspection and safe, read-only query execution to AI clients.
mssql-mcp-server
Provides an enterprise-grade Model Context Protocol server for Microsoft SQL Server, enabling schema discovery, data operations, profiling, and administration with strong governance controls.
mssql-read-only-mcp
This server provides a lightweight, read-only interface for interacting with an MSSQL database, allowing users to list tables, describe their structure, and execute SELECT queries.