CVE-2026-56287: A Boolean-based blind vulnerability exists in Apache Fineract’s Client Search API (17th July 2026)

Preface: AI systems use Apache Fineract’s Client Search API through AI-to-banking bridges like Model Context Protocol (MCP) servers. [1, 2]

The OpenMF (Mifos Initiative) community actively maintains mcp-mifosx, an MCP server designed to connect Large Language Models (LLMs) and AI agents to the Apache Fineract core banking platform. When an AI assistant handles customer analysis, automated loan processing, or fraud detection, it relies heavily on the Client Search API to locate customer profiles, verify financial details, and navigate banking data.

Individual AI model inherently owns or hardcodes Apache Fineract’s Client Search API. Instead, any LLM or AI model (such as Anthropic’s Claude, OpenAI’s GPT-4o, or Google’s Gemini) can use this API by leveraging the newly standardized Model Context Protocol (MCP).

Background: In versions up to and including 1.14.0, Apache Fineract fails to properly validate the orderBy and sortOrder request parameters in its Client Search API.

Developers often use parameterized queries (Prepared Statements) for standard WHERE clauses. However, SQL syntax does not allow parameters for ORDER BY column names or directions. Because of this, developers sometimes make the mistake of using raw string concatenation for sorting clauses.

An authenticated user can inject arbitrary SQL queries. Because the backend database behavior (like the order or presence of returned items) changes depending on whether an injected True/False logic statement matches, attackers can extract full database schemas and records character-by-character. On MySQL or MariaDB, it can even trigger LOAD_FILE() to read local system files.

From technical point of view, MCP servers act as bridges connecting Large Language Models (LLMs) to enterprise data tools. If an AI agent interacts with the Fineract API hosted on your MCP server, an attacker could abuse the agent via indirect prompt injection (e.g., feeding the AI a malicious string via user profile fields) to silently trigger the blind SQLi payload.

Furthermore, AI agents often operate under a perimeter of trusted workflows. A successful boolean blind SQLi can leak sensitive credentials from your database or local server files. The attacker can then force the MCP server to abuse its broad integrations (like executing host commands or calling external APIs).

Vulnerability details: A boolean-based SQL Injection vulnerability exists in Apache Fineract’s Client Search API (GET /api/v1/clients) in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with permission to view clients to inject arbitrary SQL via a crafted orderBy value. This can be leveraged to perform blind boolean-based data extraction and, on MySQL/MariaDB, to disclose arbitrary files readable by the database process via the LOAD_FILE() function. Users are recommended to upgrade to a version containing the fix.

Affected versions:

  • Apache Fineract 1.14.0
  • Apache Fineract 1.15.0 unaffected

Official announcement: Please refer to the link for details –

https://www.tenable.com/cve/CVE-2026-56287

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.