CVE-2026-9739
9.4
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: * header in the SSE initialization handler was inadvertently retained. This vulnerability specifically impacts users connecting via Toolbox using SSE under specification v2024-11-05.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MCP Toolbox for Databases | 0 < PR 3054 (Fix CORS bypass) | affected |
Weaknesses
- CWE-942: CWE-942: Permissive Cross-domain Policy with Untrusted Domains
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://github.com/googleapis/mcp-toolbox/issues/3053
- https://github.com/googleapis/mcp-toolbox/pull/3054
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.