CVE-2026-9739 | Google MCP Toolbox for Databases up to 2024-11-05 SSE Initialization cross-domain policy (Issue 3053)
A vulnerability was found in Google MCP Toolbox for Databases up to 2024-11-05 and classified as critical. Affected is an unknown function of the component SSE Initialization Handler. The manipulation results in permissive cross-domain policy with untrusted domains.
This vulnerability is reported as CVE-2026-9739. The attack can be launched remotely. No exploit exists.
Applying a patch is advised to resolve this issue.VulDB Recent EntriesRead More