Model Context Protocol Vulnerability in Google APIs
CVE-2026-11624

9.4 CRITICAL

Key Information:

Vendor

Google

CVE Published:
13 June 2026

What is CVE-2026-11624?

MCP Toolbox for Databases, a Model Context Protocol server, was exposed to DNS rebinding attacks. Before version 0.25.0 the server gave users no way to validate the 'Origin' header on incoming connections, so a malicious web page could rebind its own domain to the address of a locally running toolbox instance and then drive that instance from the victim's browser. Version 0.25.0 adds the '--allowed-hosts' flag, which lets users specify at startup which hosts the server accepts, giving operators a way to enforce stricter access control. The existing '--allowed-origins' flag is retained and still defaults to ''; left at that default it provides no origin filtering, so it should be set explicitly. When either flag is set to '', the server now prints a warning at startup pointing out the exposure. The documentation has been updated with these details and stresses that both flags must be configured correctly to mitigate the risk.
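As an added example (not the toolbox's own code and not taken from this advisory), the Go program below shows the kind of Host/Origin allow-list check that the '--allowed-hosts' and '--allowed-origins' flags describe, applied as HTTP middleware and exercised against a constructed DNS-rebinding-style request. The HostOriginPolicy type and its method names, the use of "*" as the "allow everything" value that triggers the startup warning, and the sample hosts and origins are all assumptions of this example, not the project's flag semantics.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// HostOriginPolicy is a hypothetical allow-list for the Host and Origin request
// headers, modelled on the intent of --allowed-hosts / --allowed-origins.
type HostOriginPolicy struct {
	AllowedHosts   []string // hostnames (no port) accepted in the Host header
	AllowedOrigins []string // full origins (scheme://host[:port]) accepted in Origin
}

// Permissive reports whether either list is the wildcard "*" (an assumption of
// this example), which disables that check; a server should warn at startup.
func (p HostOriginPolicy) Permissive() bool {
	return isWildcard(p.AllowedHosts) || isWildcard(p.AllowedOrigins)
}

func isWildcard(list []string) bool { return len(list) == 1 && list[0] == "*" }

// hostnameOf strips an optional port (and IPv6 brackets) from a Host header.
func hostnameOf(hostHeader string) string {
	if h, _, err := net.SplitHostPort(hostHeader); err == nil {
		return h
	}
	return strings.Trim(hostHeader, "[]")
}

// Check decides whether a request with the given Host and Origin headers may
// proceed, returning false plus a reason on rejection. Host is the primary
// signal: in a DNS rebinding attack the browser resolves attacker.example to
// 127.0.0.1 but still sends "Host: attacker.example". Origin is only sent by
// browsers on cross-site requests, so a missing Origin is accepted to keep
// non-browser MCP clients working; a present but unlisted Origin is rejected.
func (p HostOriginPolicy) Check(host, origin string) (bool, string) {
	if !isWildcard(p.AllowedHosts) {
		h := strings.ToLower(hostnameOf(host))
		if !contains(p.AllowedHosts, h) {
			return false, fmt.Sprintf("host %q not in allowed hosts", h)
		}
	}
	if origin == "" || isWildcard(p.AllowedOrigins) {
		return true, ""
	}
	u, err := url.Parse(origin)
	if err != nil || u.Scheme == "" || u.Host == "" { // also rejects "Origin: null"
		return false, fmt.Sprintf("malformed origin %q", origin)
	}
	normalized := strings.ToLower(u.Scheme + "://" + u.Host)
	if !contains(p.AllowedOrigins, normalized) {
		return false, fmt.Sprintf("origin %q not in allowed origins", normalized)
	}
	return true, ""
}

func contains(list []string, v string) bool {
	for _, x := range list {
		if strings.ToLower(x) == v {
			return true
		}
	}
	return false
}

// Middleware rejects requests that fail Check with 403 before they reach the
// MCP handler.
func (p HostOriginPolicy) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if ok, reason := p.Check(r.Host, r.Header.Get("Origin")); !ok {
			http.Error(w, "forbidden: "+reason, http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	policy := HostOriginPolicy{
		AllowedHosts:   []string{"localhost", "127.0.0.1"},
		AllowedOrigins: []string{"http://localhost:5000"},
	}
	if policy.Permissive() {
		log.Println("WARNING: host/origin checks disabled; exposed to DNS rebinding")
	}
	srv := httptest.NewServer(policy.Middleware(http.HandlerFunc(
		func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "tool result") })))
	defer srv.Close()

	// Constructed requests: two legitimate local clients and a rebinding attempt
	// whose Host header still names the attacker's domain.
	for _, c := range []struct{ host, origin string }{
		{"localhost:5000", ""},
		{"127.0.0.1:5000", "http://localhost:5000"},
		{"attacker.example", "http://attacker.example"},
	} {
		req, _ := http.NewRequest("POST", srv.URL+"/mcp", nil)
		req.Host = c.host
		if c.origin != "" {
			req.Header.Set("Origin", c.origin)
		}
		resp, err := http.DefaultClient.Do(req)
		if err != nil {
			log.Fatal(err)
		}
		fmt.Printf("Host=%-18s Origin=%-26q -> %d\n", c.host, c.origin, resp.StatusCode)
		resp.Body.Close()
	}
}
```

Running it prints 200 for the two local requests and 403 for the rebinding attempt. The Host check is what actually defeats rebinding; the Origin check additionally blocks a same-Host request issued by a web page from an unexpected origin, and accepting an absent Origin is the deliberate trade-off that keeps command-line MCP clients working.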

Affected Version(s)

MCP Toolbox for Databases 0 < 0.25.0

References

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jonathan Leitschuh (https://github.com/JLLeitschuh)