Mcp Toolbox For Databases
Monthly
{{.id}} to sensitive endpoints such as /admin/secrets. Carries a CVSS 4.0 base score of 9.3 (critical); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Missing Origin/Host header validation in Google's MCP Toolbox for Databases (Model Context Protocol server) prior to v0.25.0 allows remote attackers to reach the locally-bound HTTP server via DNS rebinding from a victim's browser, abusing the bridge to issue arbitrary tool/database commands. The fix introduces a new --allowed-hosts startup flag (companion to the existing --allowed-origins) that validates inbound Host headers, though both flags retain an insecure-by-default '*' value with only a startup warning. No public exploit identified at time of analysis; the issue was reported internally by Google.
{{.id}} to sensitive endpoints such as /admin/secrets. Carries a CVSS 4.0 base score of 9.3 (critical); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Missing Origin/Host header validation in Google's MCP Toolbox for Databases (Model Context Protocol server) prior to v0.25.0 allows remote attackers to reach the locally-bound HTTP server via DNS rebinding from a victim's browser, abusing the bridge to issue arbitrary tool/database commands. The fix introduces a new --allowed-hosts startup flag (companion to the existing --allowed-origins) that validates inbound Host headers, though both flags retain an insecure-by-default '*' value with only a startup warning. No public exploit identified at time of analysis; the issue was reported internally by Google.