1 vulnerabilities across 1 products scored HIGH or above on June 13, 2026.
- HIGH: 1
[HIGH] google/mcp_toolbox_for_databases
1 CVE | CVSS 4.0: 9.4 | AAS 10.5
Google’s MCP Toolbox for Databases versions prior to 0.25.0 contain a DNS rebinding vulnerability (CVE-2026-11624, CVSS 9.4) that allows attackers to bypass access controls by manipulating the Origin header on incoming connections. The vulnerability affects deployments where servers fail to validate incoming connection origins, potentially exposing applications and data access. Organizations should upgrade to version 0.25.0 or later, which introduces the “–allowed-hosts” flag to enable strict host validation and prevent DNS rebinding attacks.
- CVE-2026-11624 (CVSS 4.0: 9.4)