CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-11720

criticalCVSS 9.1covered by 1 sourcefirst seen 2026-06-29
A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the input does not alter the scheme, host, or user info, it relies on ResolveReference for the final URL resolution. Because dot segments (../) are normalized during this resolution step, an attacker can supply path parameters containing directory traversal sequences to escape the operator-configured path scope. This allows the client to coerce the toolbox into making requests to unintended endpoints on the same target host while forwarding the toolbox's configured credentials (e.g., bypassing a restricted path like /api/v1/users/{{.id}} to reach /admin/secrets).

⚡ Watch CVE-2026-11720

Get an email if CVE-2026-11720 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-11720

CVE.org record

Embed the live status

CVE-2026-11720 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-11720 status](https://www.csirts.com/badge/CVE-2026-11720)](https://www.csirts.com/cve/CVE-2026-11720)