PatchSiren cyber security CVE debrief
CVE-2026-11717 Google CVE debrief
CVE-2026-11717 is a critical authentication bypass vulnerability in Google's MCP Toolbox for Databases. The vulnerability exists in the generic opaque token validation path, specifically in the validateOpaqueToken function. When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint, the toolbox decodes the response into an introspectResp struct. If the introspection endpoint responds with a payload omitting the mandatory 'active' key, the internal variable remains nil, causing the conditional check to short-circuit. As a result, Toolbox accepts authorization tokens missing the 'active' field, granting access to protected tools and underlying data sources.
- Vendor
- Product
- MCP Toolbox for Databases (googleapis/mcp-toolbox)
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-18
- Original CVE updated
- 2026-06-22
- Advisory published
- 2026-06-18
- Advisory updated
- 2026-06-22
Who should care
This vulnerability affects users of Google's MCP Toolbox for Databases. Organizations using this toolbox should prioritize patching to prevent unauthorized access to their protected tools and data sources.
Technical summary
The vulnerability exists in the validateOpaqueToken function of googleapis/mcp-toolbox. Specifically, when verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), the toolbox decodes the response into an introspectResp struct where the Active field is declared as a pointer to a boolean (*bool). The code only explicitly rejects a token if the response contains a populated active field set to false. If an introspection endpoint responds with a payload that completely omits the mandatory active key, the internal variable remains nil, causing the conditional check to short-circuit. As a result, Toolbox accepts authorization tokens missing the 'active' field, granting access to protected tools and underlying data sources.
Defensive priority
High
Recommended defensive actions
- Apply the official patch from Google as soon as possible.
- Review and update authentication configurations for the MCP Toolbox.
- Monitor for suspicious activity related to authentication and token validation.
- Consider implementing additional security measures such as multi-factor authentication.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-06-18T14:17:20.013Z and was last modified on 2026-06-22T20:18:53.300Z. The NVD entry is currently Awaiting Analysis. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the official advisory. Users of Google's MCP Toolbox for Databases should prioritize patching to prevent unauthorized access to their protected tools and data sources. The vulnerability exists in the validateOpaqueToken function of googleapis/mcp-toolbox, where the code fails to properly validate opaque tokens, potentially granting access to protected tools and underlying data sources if an introspection endpoint omits the mandatory 'active' key in its response.
Official resources
-
CVE-2026-11717 CVE record
CVE.org
-
CVE-2026-11717 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-18T14:17:20.013Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.