MCP vulnerability case study: SQL injection in the Postgres MCP server
ID: 223acba8-3ec3-5a67-ba72-401d2a7973c9
STIX ID: report--223acba8-3ec3-5a67-ba72-401d2a7973c9
Feed Name: Datadog Security Labs
**Executive summary:** Datadog security research identified a SQL injection flaw in the archived Anthropic Postgres MCP server (v0.6.2 on NPM). Because the server accepted stacked SQL statements, a query could break out of the enforced read-only transaction (for example by issuing COMMIT;) and then perform arbitrary write operations or change session variables. The report provides a working proof-of-concept and exploitation scenarios (including DROP SCHEMA). Fixes are available in a Zed Industries fork and in an upstream pull request; users are advised not to run the deprecated server in production, to migrate to patched builds, and to follow least-privilege practices.
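The root cause described above is that a read-only transaction offers no protection once the caller can smuggle a second statement after a `;`. The following is an added example (not code from the Datadog report, the MCP server, or either fix) of the input-side check a defender would want in front of such a tool: it splits the submitted text into statements using Postgres lexical rules (quoted strings, quoted identifiers, dollar quoting, comments) and refuses anything that is not exactly one read-only statement. The allowlist of leading keywords and the helper names are assumptions for illustration.

```python
"""Refuse stacked SQL before it reaches a read-only Postgres transaction.
Added example; splitter and policy are illustrative, not the project's code."""
import re

# Assumed allowlist: leading keywords permitted for a read-only tool.
READ_ONLY_LEADERS = ("select", "with", "explain", "show")


def split_statements(sql: str) -> list[str]:
    """Split on ';' that sits outside 'literals', "identifiers",
    $tag$dollar-quoted$tag$ strings, -- line comments and /* block */ comments."""
    stmts, buf, i, n = [], [], 0, len(sql)
    while i < n:
        ch = sql[i]
        if ch in ("'", '"'):  # quoted; a doubled quote is an escaped quote
            j = i + 1
            while j < n:
                if sql[j] == ch:
                    if j + 1 < n and sql[j + 1] == ch:
                        j += 2
                        continue
                    break
                j += 1
            buf.append(sql[i:j + 1]); i = j + 1
        elif ch == "$" and (m := re.match(r"\$([A-Za-z_]\w*)?\$", sql[i:])):
            tag = m.group(0)  # $$ or $tag$; closes with the same tag
            end = sql.find(tag, i + len(tag))
            end = n if end == -1 else end + len(tag)
            buf.append(sql[i:end]); i = end
        elif sql.startswith("--", i):  # line comment: drop it, keep a space
            end = sql.find("\n", i)
            buf.append(" "); i = n if end == -1 else end
        elif sql.startswith("/*", i):  # block comment (Postgres nests them)
            depth, i = 1, i + 2
            while i < n and depth:
                if sql.startswith("/*", i): depth += 1; i += 2
                elif sql.startswith("*/", i): depth -= 1; i += 2
                else: i += 1
            buf.append(" ")
        elif ch == ";":  # statement boundary at top level
            stmts.append("".join(buf).strip()); buf = []; i += 1
        else:
            buf.append(ch); i += 1
    stmts.append("".join(buf).strip())
    return [s for s in stmts if s]


def is_safe_read_only(sql: str) -> bool:
    """Exactly one statement whose first keyword is on the allowlist.
    A trailing '; COMMIT; ...' is rejected here rather than trusted to the DB."""
    stmts = split_statements(sql)
    return len(stmts) == 1 and stmts[0].split(None, 1)[0].lower() in READ_ONLY_LEADERS
```

This check belongs alongside, not instead of, least-privilege database roles: a read-only role stops writes even when a statement slips past the validator.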
