PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10277 j3k0 CVE debrief

A vulnerability in j3k0/mcp-google-workspace affects the saveToDisk function in src/tools/gmail.ts of the MCP Gmail Tool component. The issue involves improper access controls that can be triggered through remote manipulation. The product uses a rolling release model, so specific version numbers for affected or fixed releases are not available. A patch has been committed to address this vulnerability.

Vendor: j3k0
Product: mcp-google-workspace
CVSS: LOW 2.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-01
Original CVE updated: 2026-06-02
Advisory published: 2026-06-01
Advisory updated: 2026-06-02

Who should care

Organizations and developers using j3k0/mcp-google-workspace, particularly those exposing the MCP Gmail Tool in environments where remote access is possible. Security teams monitoring open-source dependencies for access control vulnerabilities.

Technical summary

The saveToDisk function in src/tools/gmail.ts of the MCP Gmail Tool component fails to enforce proper access controls, allowing remote attackers to manipulate the function and potentially perform unauthorized operations. The vulnerability exists in versions up to commit 831790e7d5c2663325733d9f5579cc339a267c4c. The fix is implemented in commit 89c091ecf8b9f9c7291d1af0b1966e271f86551c. CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. CWE-266 (Incorrect Privilege Assignment) and CWE-284 (Improper Access Control) are identified as relevant weaknesses.

Defensive priority

LOW

Recommended defensive actions

  • Apply the patch commit 89c091ecf8b9f9c7291d1af0b1966e271f86551c to the mcp-google-workspace repository
  • Review access control logic in the saveToDisk function within src/tools/gmail.ts
  • Monitor GitHub issue #19 and pull request #22 for additional context or follow-up fixes
  • Assess exposure of MCP Gmail Tool deployments, particularly those accessible remotely
  • Consider implementing additional input validation and authorization checks for file operations

Evidence notes

The vulnerability was disclosed publicly on 2026-06-01. The exploit has been made public and could be used. The patch commit 89c091ecf8b9f9c7291d1af0b1966e271f86551c is available. References include the GitHub repository, issue #19, pull request #22, and VulDB entries.

Official resources

Public