—
GO-2026-5870
MCP Toolbox for Databases vulnerable to DNS rebinding attacks in github.com/googleapis/mcp-toolbox
Details
MCP Toolbox for Databases vulnerable to DNS rebinding attacks in github.com/googleapis/mcp-toolbox
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/googleapis/mcp-toolbox
Introduced in:
0 Fixed in: 1.2.0 Fix
go get github.com/googleapis/mcp-toolbox@v1.2.0 References
- https://github.com/advisories/GHSA-7pf3-8xx7-rvhf [ADVISORY]
- https://nvd.nist.gov/vuln/detail/CVE-2026-9739 [ADVISORY]
- https://github.com/googleapis/mcp-toolbox/commit/c4c7bd917e686de68e2be866cfe3872c3439efae [FIX]
- https://github.com/googleapis/mcp-toolbox/pull/3054 [FIX]
- https://github.com/googleapis/mcp-toolbox/issues/3053 [REPORT]