Google Mcp Toolbox For Databases — known CVE vulnerabilities
Every CVE whose affected-product data names Google Mcp Toolbox For Databases, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (1)
CVE-2026-11720 — CVSS 9.1 (critical): A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests…