Mcp Toolbox For Databases Googleapis Mcp Toolbox
Monthly
Authorization bypass in Google's MCP Toolbox for Databases (googleapis/mcp-toolbox) allows authenticated low-privilege clients to invoke high-privilege tools by selecting a legacy MCP protocol version. The flaw stems from missing scopesRequired enforcement in the 2025-06-18, 2025-03-26, and 2024-11-05 protocol handlers, and is reachable simply by omitting the MCP-Protocol-Version header so the server falls back to the vulnerable 2024-11-05 default. No public exploit identified at time of analysis, but the upstream fix (PR #3335) confirms the issue and its trivial triggering condition.
Authentication bypass in googleapis/mcp-toolbox allows remote unauthenticated attackers to gain access by presenting opaque OAuth tokens issued by unauthorized identity providers. The flaw lives in validateOpaqueToken's claim-checking logic, which silently skips issuer validation when an OAuth 2.0 introspection response omits the optional iss field. No public exploit identified at time of analysis, but the upstream fix in PR #3360 confirms the defect and CVSS 4.0 scores it 9.3 (Critical).
Authentication bypass in googleapis/mcp-toolbox lets remote unauthenticated attackers reach protected tools and backing data sources by submitting an OAuth 2.0 introspection response that omits the mandatory 'active' field. Because validateOpaqueToken stores Active as *bool and only rejects when the pointer is non-nil and false, a nil value falls through as authorized. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.3 and trivial logic flaw make this a priority fix.
Authorization bypass in Google's MCP Toolbox for Databases (googleapis/mcp-toolbox) allows authenticated low-privilege clients to invoke high-privilege tools by selecting a legacy MCP protocol version. The flaw stems from missing scopesRequired enforcement in the 2025-06-18, 2025-03-26, and 2024-11-05 protocol handlers, and is reachable simply by omitting the MCP-Protocol-Version header so the server falls back to the vulnerable 2024-11-05 default. No public exploit identified at time of analysis, but the upstream fix (PR #3335) confirms the issue and its trivial triggering condition.
Authentication bypass in googleapis/mcp-toolbox allows remote unauthenticated attackers to gain access by presenting opaque OAuth tokens issued by unauthorized identity providers. The flaw lives in validateOpaqueToken's claim-checking logic, which silently skips issuer validation when an OAuth 2.0 introspection response omits the optional iss field. No public exploit identified at time of analysis, but the upstream fix in PR #3360 confirms the defect and CVSS 4.0 scores it 9.3 (Critical).
Authentication bypass in googleapis/mcp-toolbox lets remote unauthenticated attackers reach protected tools and backing data sources by submitting an OAuth 2.0 introspection response that omits the mandatory 'active' field. Because validateOpaqueToken stores Active as *bool and only rejects when the pointer is non-nil and false, a nil value falls through as authorized. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.3 and trivial logic flaw make this a priority fix.