Auth bypass in Google MCP Toolbox for Databases (googleapis/mcp-toolbox)

CVE-2026-11717

An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When verifying an unparsed opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), the too…

Vulnerability class: Broken Authentication

Affected products

Weakness classification (CWE)

References