Auth bypass in Google MCP Toolbox for Databases (googleapis/mcp-toolbox)

CVE-2026-11719

An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restriction…

Vulnerability class: Broken Access Control

Affected products

Weakness classification (CWE)

References