CVE-2026-9739 | Google MCP Toolbox for Databases up to 2024-11-05 SSE Initialization cross-domain policy (Issue 3053)

SecurityVulns

A vulnerability was found in Google MCP Toolbox for Databases up to 2024-11-05 and classified as critical. Affected is an unknown function of the component SSE Initialization Handler. The manipulation results in permissive cross-domain policy with untrusted domains.

This vulnerability is reported as CVE-2026-9739. The attack can be launched remotely. No exploit exists.

Applying a patch is advised to resolve this issue.VulDB Recent EntriesRead More