COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-11720

CVE-2026-11720

Severity
critical
Source
NVD · cve
Published
2026-06-29
CVSS
9.1
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-11720
shame 35/100

A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While

Players implicated

Google · vendormcp toolbox for databases · product

Description

A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the input does not alter the scheme, host, or user info, it relies on ResolveReference for the final URL resolution. Because dot segments (../) are normalized during this resolution step, an attacker can supply path parameters containing directory traversal sequences to escape the operator-configured path scope. This allows the client to coerce the toolbox into making requests to unintended endpoints on the same target host while forwarding the toolbox's configured credentials (e.g., bypassing a restricted path like /api/v1/users/{{.id}} to reach /admin/secrets).

Affected FedRAMP products 2 in the catalog

ProductProviderStatusMatch
Google Services (Google Cloud Platform Products and underlying Infrastructure) Google Authorized vendor-exact · 0.90
Google Workspace Google Authorized vendor-exact · 0.90