CVE 9.4 CRITICAL

CVE-2026-11624_CVE-2026-11624

June 13, 2026 invoker category_cve

9.4 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced alongside the existing "--allowed-origins" flag, enabling users to specify permitted hosts at server startup. Both flags default to "*", allowing users to implement strict access controls as needed without breaking existing setups. If either flag is set to "*", the server will output a startup warning about potential vulnerabilities. Documentation has also been updated to highlight these security considerations.

AI Analysis

DNS rebinding vulnerability in Model Context Protocol due to lack of origin validation

Basic Information

ID CVE-2026-11624

Source Google

Published Jun 13, 2026 at 08:38

Affected Product

Vendor Google

Product MCP Toolbox for Databases

Affected Versions Google MCP Toolbox for Databases 0

CWE Classification

CWE-346

AI Assessment

AI Score 9.4 / 10

AI Severity CRITICAL

Vendor Google

Product MCP Toolbox for Databases

References

{
    "lastseen": "",
    "description": "The Model Context Protocol has a security warning advising servers to validate the \"Origin\" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new \"--allowed-hosts\" flag was introduced alongside the existing \"--allowed-origins\" flag, enabling users to specify permitted hosts at server startup. Both flags default to \"*\", allowing users to implement strict access controls as needed without breaking existing setups. If either flag is set to \"*\", the server will output a startup warning about potential vulnerabilities. Documentation has also been updated to highlight these security considerations.",
    "published": "2026-06-13T08:38:42.908Z",
    "modified": "2026-06-13T08:38:42.908Z",
    "type": "cve",
    "title": "CVE-2026-11624",
    "source": "Google",
    "references": "https://github.com/googleapis/mcp-toolbox/issues/3113\nhttps://github.com/googleapis/mcp-toolbox/pull/2254",
    "id": "CVE-2026-11624",
    "bulletinFamily": "",
    "cwe": [
        "CWE-346"
    ],
    "cvelist": null,
    "sourceData": "Google MCP Toolbox for Databases 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MCP Toolbox for Databases",
    "version": "0",
    "vendor": "Google",
    "ai_description": "DNS rebinding vulnerability in Model Context Protocol due to lack of origin validation",
    "ai_severity": "CRITICAL",
    "ai_vendor": "Google",
    "ai_product": "MCP Toolbox for Databases",
    "ai_version": "0",
    "ai_score": 9.4
}

💭 Join the Security Discussion ❌ Cancel Reply