CVE-2026-11718
published 2026-06-18CVE-2026-11718: An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When the toolbox…
PriorityP358critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.20%
10.5th percentile
An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox.
When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), it decodes the response into an introspectResp struct. However, the subsequent claim-checking logic (validateClaims) evaluates the issuer condition as if a.issuer != "" && iss != "". If the external OAuth provider's introspection response omits the optional iss (issuer) field completely, the variable iss defaults to an empty string. This causes the conditional block to evaluate to false and be skipped silently. Consequently, the application accepts tokens issued by unauthorized or unintended third-party identity providers.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | googleapis_mcp-toolbox | >= 0 < 1.4.0 | 1.4.0 |
| mcp_toolbox_for_databases | 1.0.0 – 1.3.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken)
ghsa·2026-06-18
CVE-2026-11718 [CRITICAL] CWE-287 googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken)
googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken)
An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox.
When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), it decodes the response into an introspectResp struct. However, the subsequent claim-checking logic (validateClaims) evaluates the issuer condition as if a.issuer != "" && iss != "". If the external OAuth provider's introspection response omits the optional iss (issuer) field completely, the variable iss defaults to an empty string. This causes the conditional block to evaluate to false and be skipped silently. Consequently, the appli
VulDB
Google MCP Toolbox for Databases up to 1.3.0 iss improper authentication (EUVD-2026-37880)
vuldb·2026-06-18
CVE-2026-11718 [CRITICAL] Google MCP Toolbox for Databases up to 1.3.0 iss improper authentication (EUVD-2026-37880)
A vulnerability was found in Google MCP Toolbox for Databases up to 1.3.0. It has been classified as critical. Affected is an unknown function. Performing a manipulation of the argument iss results in improper authentication.
This vulnerability is known as CVE-2026-11718. Remote exploitation of the attack is possible. No exploit is available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-18
Published