LOW
j3k0
CVE published 2026-06-01
CVE-2026-10277
A vulnerability in j3k0/mcp-google-workspace affects the saveToDisk function in src/tools/gmail.ts of the MCP Gmail Tool component. The issue involves improper access controls that can be triggered through remote manipulation. The product uses a rolling release model, so specific version numbers for affected or fixed releases are not available. A patch has been committed to address this vulnerability.