Threats Tagged 'cve-2026-11719'
View all threats tagged with 'cve-2026-11719'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-11719'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-11719: CWE-862: Missing Authorization in Google MCP Toolbox for Databases (googleapis/mcp-toolbox)CVE-2026-11719 0 An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol versions (2025-06-18, 2025-03-26, and 2024-11-05) omit this check. An authenticated client with low-privilege tokens (e.g., read) can bypass the intended per-tool scope restrictions and execute high-privilege tools (e.g., admin) simply by specifying an older protocol version in the MCP-Protocol-Version header, or by omitting the header entirely (which causes the server to default to the vulnerable 2024-11-05 handler). Join the discussion | CVE Database V5 | 06/18/2026, 11:55:03 UTC Added: 06/18/2026, 12:05:40 UTC |
Showing 1 to 1 of 1 result