CVE-2026-11720 | Google MCP Toolbox for Databases up to 1.2.x Relative URL /api/v1/users path traversal

SecurityVulns

A vulnerability was found in Google MCP Toolbox for Databases up to 1.2.x. It has been classified as critical. Affected is an unknown function of the file /api/v1/users of the component Relative URL Handler. This manipulation causes path traversal.

The identification of this vulnerability is CVE-2026-11720. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More