CVE Catalog

CVE-2026-11720

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile — higher than 29% of all known CVEs

Summary

A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. By supplying path parameters with directory traversal sequences (../), an attacker can bypass configured path restrictions and access unauthorized endpoints on the same target host.

Risk Assessment

The risk involves potential access to sensitive endpoints (e.g., /admin/secrets) using the toolbox's configured credentials, which could lead to data leakage or privilege escalation.

Recommendation

Immediately update the googleapis/mcp-toolbox library to a patched version. Until then, manually validate and sanitize path parameters in the tool configuration.

Original NVD description (English source)

A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the input does not alter the scheme, host, or user info, it relies on ResolveReference for the final URL resolution. Because dot segments (../) are normalized during this resolution step, an attacker can supply path parameters containing directory traversal sequences to escape the operator-configured path scope. This allows the client to coerce the toolbox into making requests to unintended endpoints on the same target host while forwarding the toolbox's configured credentials (e.g., bypassing a restricted path like /api/v1/users/{{.id}} to reach /admin/secrets).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS