What is GHSA-37j4-5858-49mq?

GHSA-37j4-5858-49mq is a security advisory published by GitHub Security Advisories with Low severity. A vulnerability was found in j3k0 mcp-google-workspace up to...

Which CVE IDs does GHSA-37j4-5858-49mq cover?

GHSA-37j4-5858-49mq covers the following CVE IDs: CVE-2026-10277. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-37j4-5858-49mq?

GHSA-37j4-5858-49mq has a CVSS v3 base score of 6.3, published by GitHub Security Advisories.

GHSA-37j4-5858-49mqLowCVSS 6.3

A vulnerability was found in j3k0 mcp-google-workspace up to...

Vendor

GitHub Security Advisories

Published

June 1, 2026

Last Modified

June 1, 2026

🔗 CVE IDs covered (1)

CVE-2026-10277 →

📋 Description

A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The patch is named 89c091ecf8b9f9c7291d1af0b1966e271f86551c. It is suggested to install a patch to address this issue.

🔗 References (10)

https://nvd.nist.gov/vuln/detail/CVE-2026-10277
https://github.com/j3k0/mcp-google-workspace/issues/19
https://github.com/j3k0/mcp-google-workspace/pull/22
https://github.com/j3k0/mcp-google-workspace/commit/89c091ecf8b9f9c7291d1af0b1966e271f86551c
https://github.com/j3k0/mcp-google-workspace
https://vuldb.com/cve/CVE-2026-10277
https://vuldb.com/submit/825416
https://vuldb.com/vuln/367570
https://vuldb.com/vuln/367570/cti
https://github.com/advisories/GHSA-37j4-5858-49mq