CVE-2026-11720
Path Traversal in googleapis/mcp-toolbox HTTP Tool URL Builder
A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the input does not alter the scheme, host, or user info, it relies on ResolveReference for the final URL resolution. Because dot segments (../) are normalized during this resolution step, an attacker can supply path parameters containing directory traversal sequences to escape the operator-configured path scope. This allows the client to coerce the toolbox into making requests to unintended endpoints on the same target host while forwarding the toolbox's configured credentials (e.g., bypassing a restricted path like /api/v1/users/{{.id}} to reach /admin/secrets).
| CWE | CWE-22 |
| Vendor | |
| Product | mcp toolbox for databases (googleapis/mcp-toolbox) |
| Ecosystems | |
| Industries | Technology |
| Published | Jun 29, 2026 |
| Last Updated | Jun 29, 2026 |
Get instant alerts for google mcp toolbox for databases (googleapis/mcp-toolbox)
Be the first to know when new unknown vulnerabilities affecting google mcp toolbox for databases (googleapis/mcp-toolbox) are published โ delivered to Slack, Telegram or Discord.