github.com/googleapis/mcp-toolbox
Go3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/googleapis/mcp-toolboxpage 1 of 1
- CVE-2026-11717CRITICALCVSS 9.3EG 9.3✓ Fixed in 1.4.02026-06-18
An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), the too…
- CVE-2026-11718CRITICALCVSS 9.3EG 9.3✓ Fixed in 1.4.02026-06-18
An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), it d…
- CVE-2026-11719HIGHCVSS 8.6EG 8.6✓ Fixed in 1.4.02026-06-18
An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restriction…
Check whether github.com/googleapis/mcp-toolbox is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/googleapis/mcp-toolbox CVEs against the assets you own.
Start Free Scan →