CVE-2026-11717
Published 2026-06-18
Priority: P259 | Severity: critical | CVSS 4.0 base score: 9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.19% (9.4th percentile)
An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox.
When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), the toolbox decodes the response into an introspectResp struct where the Active field is declared as a pointer to a boolean (*bool). The code only explicitly rejects a token if the response contains a populated active field set to false (if introspectResp.Active != nil && !*introspectResp.Active). If an introspection endpoint responds with a payload that completely omits the mandatory active key, the internal variable remains nil, so the conditional short-circuits and no rejection occurs. As a result, Toolbox accepts authorization tokens missing the "active" field, granting access to protected tools and underlying data sources.
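The following Go program is an added illustration of the fail-open pattern the advisory describes, placed beside a fail-closed version; it is not code from googleapis/mcp-toolbox, and the struct, function names (acceptVulnerable, acceptFixed) and sample introspection responses are reconstructed here for illustration. It decodes constructed RFC 7662 introspection payloads into a struct with an Active *bool field, applies the nil-tolerant check from the advisory, and contrasts it with a check that treats an absent or null "active" field as an invalid response.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// introspectResp mirrors the shape the advisory describes: "active" is decoded
// into a *bool, so a response that omits the key (or sends null) leaves it nil.
// This is a reconstruction for illustration, not the project's own type.
type introspectResp struct {
	Active *bool  `json:"active"`
	Sub    string `json:"sub,omitempty"`
	Scope  string `json:"scope,omitempty"`
}

// acceptVulnerable reproduces the flawed decision logic from the advisory:
// the token is rejected only when "active" is present AND false, so a
// response with no "active" key falls through and the token is accepted.
func acceptVulnerable(body []byte) (bool, error) {
	var r introspectResp
	if err := json.Unmarshal(body, &r); err != nil {
		return false, err
	}
	if r.Active != nil && !*r.Active {
		return false, errors.New("token is not active")
	}
	return true, nil // a nil Active reaches this line: fail-open
}

// acceptFixed is the fail-closed form. RFC 7662 makes "active" a required
// member of the introspection response, so a response that omits it is
// malformed and the token must be rejected; only an explicit true grants access.
func acceptFixed(body []byte) (bool, error) {
	var r introspectResp
	if err := json.Unmarshal(body, &r); err != nil {
		return false, fmt.Errorf("malformed introspection response: %w", err)
	}
	if r.Active == nil {
		return false, errors.New(`introspection response omits required "active" field`)
	}
	if !*r.Active {
		return false, errors.New("token is not active")
	}
	return true, nil
}

func main() {
	// Constructed sample responses (not captured from any real authorization server).
	samples := []struct{ name, body string }{
		{"explicit true", `{"active": true, "sub": "alice", "scope": "read"}`},
		{"explicit false", `{"active": false}`},
		{"missing active", `{"sub": "alice", "scope": "read"}`},
		{"null active", `{"active": null, "sub": "alice"}`},
		{"malformed", `{"active": tru`},
	}
	for _, s := range samples {
		v, _ := acceptVulnerable([]byte(s.body))
		f, _ := acceptFixed([]byte(s.body))
		fmt.Printf("%-15s vulnerable=%-5v fixed=%v\n", s.name, v, f)
	}
}
```

Running it shows the two paths agree on explicit true, explicit false and malformed input, and diverge only on the "missing active" and "null active" rows, which the vulnerable check accepts and the fixed check rejects. The general lesson is that any optional-typed field used in an authorization decision needs an explicit "absent means deny" branch rather than relying on the zero value.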
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | googleapis_mcp-toolbox | >= 0 < 1.4.0 | 1.4.0 |
| — | mcp_toolbox_for_databases | 1.0.0 – 1.3.0 | — |
GHSA (2026-06-18)
CVE-2026-11717 [CRITICAL] CWE-287 googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken)
VulDB (2026-06-18)
CVE-2026-11717 [CRITICAL] Google MCP Toolbox for Databases up to 1.3.0 improper authentication (EUVD-2026-37879)
A vulnerability was found in Google MCP Toolbox for Databases up to 1.3.0. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication.
This vulnerability is uniquely identified as CVE-2026-11717. The attack can be carried out remotely. No exploit exists.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.