cbcvebase.

Github.Com Googleapis Mcp-Toolbox vulnerabilities

3 known vulnerabilities affecting github.com/googleapis_mcp-toolbox.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1

Vulnerabilities

Page 1 of 1
CVE-2026-11717P2CRITICAL≥ 0, < 1.4.02026-06-18
CVE-2026-11717 [CRITICAL] CWE-287 googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken) googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken) An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When verifying an unparsed opaque token via an OAuth 2.0 introspection en
ghsa
CVE-2026-11718P3CRITICAL≥ 0, < 1.4.02026-06-18
CVE-2026-11718 [CRITICAL] CWE-287 googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken) googleapis/mcp-toolbox: authentication bypass vulnerability in the generic opaque token validation path (validateOpaqueToken) An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection
ghsa
CVE-2026-11719P3HIGH≥ 0, < 1.4.02026-06-18
CVE-2026-11719 [HIGH] CWE-862 MCP Toolbox for Databases: authenticated authorization bypass MCP Toolbox for Databases: authenticated authorization bypass An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol versions (2025-06-18, 2025-03-26, and 2024-11-05) om
ghsa
Github.Com Googleapis Mcp-Toolbox vulnerabilities | cvebase