[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-11624":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-13T17:48:13.121Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":424,"aliases":425,"duplicate_of":9,"upstream":426,"downstream":427,"duplicates":428,"related":429,"reserved_at":9,"published_at":430,"modified_at":430,"state":431,"summary":432,"references_raw":441,"kevs":451,"epss":452,"epss_history":455,"metrics":457,"affected":464},"CVE-2026-11624","The Model Context Protocol has a security warning advising servers to validate the \"Origin\" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new \"--allowed-hosts\" flag was introduced alongside the existing \"--allowed-origins\" flag, enabling users to specify permitted hosts at server startup. Both flags default to \"*\", allowing users to implement strict access controls as needed without breaking existing setups. If either flag is set to \"*\", the server will output a startup warning about potential vulnerabilities. Documentation has also been updated to highlight these security considerations.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-346","Origin Validation Error","The product does not properly verify that the source of data or communication is valid.","weakness","Draft","Class",[19,23,76,88,92,263,267,271,275,279,283,287,291,412,416,420],{"id":20,"name":21,"techniques":22},"CAPEC-111","JSON Hijacking (aka JavaScript Hijacking)",[],{"id":24,"name":25,"techniques":26},"CAPEC-141","Cache Poisoning",[27],{"id":28,"name":29,"tactics":30,"countermeasures":37},"T1557.002","ARP Cache Poisoning",[31,34],{"id":32,"name":33},"TA0031","Credential Access",{"id":35,"name":36},"TA0100","Collection",[38,43,47,51,55,59,63,67,71],{"id":39,"name":40,"tactic":41},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":42},"Detect",{"id":44,"name":45,"tactic":46},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":42},{"id":48,"name":49,"tactic":50},"D3-CSPP","Client-server Payload Profiling",{"name":42},{"id":52,"name":53,"tactic":54},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":42},{"id":56,"name":57,"tactic":58},"D3-NTSA","Network Traffic Signature Analysis",{"name":42},{"id":60,"name":61,"tactic":62},"D3-APCA","Application Protocol Command Analysis",{"name":42},{"id":64,"name":65,"tactic":66},"D3-NTCD","Network Traffic Community Deviation",{"name":42},{"id":68,"name":69,"tactic":70},"D3-RTSD","Remote Terminal Session Detection",{"name":42},{"id":72,"name":73,"tactic":74},"D3-NTF","Network Traffic Filtering",{"name":75},"Isolate",{"id":77,"name":78,"techniques":79},"CAPEC-142","DNS Cache Poisoning",[80],{"id":81,"name":82,"tactics":83,"countermeasures":87},"T1584.002","DNS Server",[84],{"id":85,"name":86},"TA0042","Resource Development",[],{"id":89,"name":90,"techniques":91},"CAPEC-160","Exploit Script-Based APIs",[],{"id":93,"name":94,"techniques":95},"CAPEC-21","Exploitation of Trusted Identifiers",[96,211,239],{"id":97,"name":98,"tactics":99,"countermeasures":109},"T1134","Access Token Manipulation",[100,103,106],{"id":101,"name":102},"TA0030","Defense Evasion",{"id":104,"name":105},"TA0005","Stealth",{"id":107,"name":108},"TA0111","Privilege Escalation",[110,115,119,123,127,131,135,139,143,148,152,156,161,166,170,174,178,182,187,191,195,199,203,207],{"id":111,"name":112,"tactic":113},"D3-CI","Configuration Inventory",{"name":114},"Model",{"id":116,"name":117,"tactic":118},"D3-NTPM","Network Traffic Policy Mapping",{"name":114},{"id":120,"name":121,"tactic":122},"D3-AM","Access Modeling",{"name":114},{"id":124,"name":125,"tactic":126},"D3-AEM","Application Exception Monitoring",{"name":42},{"id":128,"name":129,"tactic":130},"D3-SCA","System Call Analysis",{"name":42},{"id":132,"name":133,"tactic":134},"D3-CCSA","Credential Compromise Scope Analysis",{"name":42},{"id":136,"name":137,"tactic":138},"D3-OPM","Operational Process Monitoring",{"name":42},{"id":140,"name":141,"tactic":142},"D3-PSA","Process Spawn Analysis",{"name":42},{"id":144,"name":145,"tactic":146},"D3-ST","Session Termination",{"name":147},"Evict",{"id":149,"name":150,"tactic":151},"D3-CR","Credential Revocation",{"name":147},{"id":153,"name":154,"tactic":155},"D3-ANCI","Authentication Cache Invalidation",{"name":147},{"id":157,"name":158,"tactic":159},"D3-DUC","Decoy User Credential",{"name":160},"Deceive",{"id":162,"name":163,"tactic":164},"D3-CH","Credential Hardening",{"name":165},"Harden",{"id":167,"name":168,"tactic":169},"D3-MFA","Multi-factor Authentication",{"name":165},{"id":171,"name":172,"tactic":173},"D3-CRO","Credential Rotation",{"name":165},{"id":175,"name":176,"tactic":177},"D3-TB","Token Binding",{"name":165},{"id":179,"name":180,"tactic":181},"D3-TBA","Token-based Authentication",{"name":165},{"id":183,"name":184,"tactic":185},"D3-RC","Restore Configuration",{"name":186},"Restore",{"id":188,"name":189,"tactic":190},"D3-RIC","Reissue Credential",{"name":186},{"id":192,"name":193,"tactic":194},"D3-SCF","System Call Filtering",{"name":75},{"id":196,"name":197,"tactic":198},"D3-CTS","Credential Transmission Scoping",{"name":75},{"id":200,"name":201,"tactic":202},"D3-EAL","Executable Allowlisting",{"name":75},{"id":204,"name":205,"tactic":206},"D3-EDL","Executable Denylisting",{"name":75},{"id":208,"name":209,"tactic":210},"D3-HBPI","Hardware-based Process Isolation",{"name":75},{"id":212,"name":213,"tactics":214,"countermeasures":216},"T1528","Steal Application Access Token",[215],{"id":32,"name":33},[217,219,221,223,225,227,229,231,233,235,237],{"id":132,"name":133,"tactic":218},{"name":42},{"id":149,"name":150,"tactic":220},{"name":147},{"id":153,"name":154,"tactic":222},{"name":147},{"id":157,"name":158,"tactic":224},{"name":160},{"id":162,"name":163,"tactic":226},{"name":165},{"id":167,"name":168,"tactic":228},{"name":165},{"id":171,"name":172,"tactic":230},{"name":165},{"id":175,"name":176,"tactic":232},{"name":165},{"id":179,"name":180,"tactic":234},{"name":165},{"id":188,"name":189,"tactic":236},{"name":186},{"id":196,"name":197,"tactic":238},{"name":75},{"id":240,"name":241,"tactics":242,"countermeasures":244},"T1539","Steal Web Session Cookie",[243],{"id":32,"name":33},[245,247,249,251,253,255,257,259,261],{"id":132,"name":133,"tactic":246},{"name":42},{"id":149,"name":150,"tactic":248},{"name":147},{"id":153,"name":154,"tactic":250},{"name":147},{"id":157,"name":158,"tactic":252},{"name":160},{"id":162,"name":163,"tactic":254},{"name":165},{"id":167,"name":168,"tactic":256},{"name":165},{"id":171,"name":172,"tactic":258},{"name":165},{"id":188,"name":189,"tactic":260},{"name":186},{"id":196,"name":197,"tactic":262},{"name":75},{"id":264,"name":265,"techniques":266},"CAPEC-384","Application API Message Manipulation via Man-in-the-Middle",[],{"id":268,"name":269,"techniques":270},"CAPEC-385","Transaction or Event Tampering via Application API Manipulation",[],{"id":272,"name":273,"techniques":274},"CAPEC-386","Application API Navigation Remapping",[],{"id":276,"name":277,"techniques":278},"CAPEC-387","Navigation Remapping To Propagate Malicious Content",[],{"id":280,"name":281,"techniques":282},"CAPEC-388","Application API Button Hijacking",[],{"id":284,"name":285,"techniques":286},"CAPEC-510","SaaS User Request Forgery",[],{"id":288,"name":289,"techniques":290},"CAPEC-59","Session Credential Falsification through Prediction",[],{"id":292,"name":293,"techniques":294},"CAPEC-60","Reusing Session IDs (aka Session Replay)",[295,325],{"id":296,"name":297,"tactics":298,"countermeasures":302},"T1134.001","Token Impersonation/Theft",[299,300,301],{"id":101,"name":102},{"id":104,"name":105},{"id":107,"name":108},[303,305,307,309,311,313,315,317,319,321,323],{"id":132,"name":133,"tactic":304},{"name":42},{"id":149,"name":150,"tactic":306},{"name":147},{"id":153,"name":154,"tactic":308},{"name":147},{"id":157,"name":158,"tactic":310},{"name":160},{"id":162,"name":163,"tactic":312},{"name":165},{"id":167,"name":168,"tactic":314},{"name":165},{"id":171,"name":172,"tactic":316},{"name":165},{"id":175,"name":176,"tactic":318},{"name":165},{"id":179,"name":180,"tactic":320},{"name":165},{"id":188,"name":189,"tactic":322},{"name":186},{"id":196,"name":197,"tactic":324},{"name":75},{"id":326,"name":327,"tactics":328,"countermeasures":333},"T1550.004","Web Session Cookie",[329,330],{"id":101,"name":102},{"id":331,"name":332},"TA0109","Lateral Movement",[334,336,338,340,342,344,346,348,350,354,358,360,362,366,370,374,378,380,382,384,386,388,390,392,394,398,400,402,406,410],{"id":39,"name":40,"tactic":335},{"name":42},{"id":44,"name":45,"tactic":337},{"name":42},{"id":48,"name":49,"tactic":339},{"name":42},{"id":52,"name":53,"tactic":341},{"name":42},{"id":56,"name":57,"tactic":343},{"name":42},{"id":60,"name":61,"tactic":345},{"name":42},{"id":64,"name":65,"tactic":347},{"name":42},{"id":68,"name":69,"tactic":349},{"name":42},{"id":351,"name":352,"tactic":353},"D3-PLA","Process Lineage Analysis",{"name":42},{"id":355,"name":356,"tactic":357},"D3-PSMD","Process Self-Modification Detection",{"name":42},{"id":140,"name":141,"tactic":359},{"name":42},{"id":132,"name":133,"tactic":361},{"name":42},{"id":363,"name":364,"tactic":365},"D3-PT","Process Termination",{"name":147},{"id":367,"name":368,"tactic":369},"D3-PS","Process Suspension",{"name":147},{"id":371,"name":372,"tactic":373},"D3-HR","Host Reboot",{"name":147},{"id":375,"name":376,"tactic":377},"D3-HS","Host Shutdown",{"name":147},{"id":149,"name":150,"tactic":379},{"name":147},{"id":153,"name":154,"tactic":381},{"name":147},{"id":157,"name":158,"tactic":383},{"name":160},{"id":162,"name":163,"tactic":385},{"name":165},{"id":167,"name":168,"tactic":387},{"name":165},{"id":171,"name":172,"tactic":389},{"name":165},{"id":188,"name":189,"tactic":391},{"name":186},{"id":72,"name":73,"tactic":393},{"name":75},{"id":395,"name":396,"tactic":397},"D3-KBPI","Kernel-based Process Isolation",{"name":75},{"id":192,"name":193,"tactic":399},{"name":75},{"id":208,"name":209,"tactic":401},{"name":75},{"id":403,"name":404,"tactic":405},"D3-ABPI","Application-based Process Isolation",{"name":75},{"id":407,"name":408,"tactic":409},"D3-WSAM","Web Session Access Mediation",{"name":75},{"id":196,"name":197,"tactic":411},{"name":75},{"id":413,"name":414,"techniques":415},"CAPEC-75","Manipulating Writeable Configuration Files",[],{"id":417,"name":418,"techniques":419},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":421,"name":422,"techniques":423},"CAPEC-89","Pharming",[],[],[],[],[],[],[],"2026-06-13T08:38:42.908Z","Received",{"cisa_kev":433,"cisa_ransomware":433,"cisa_vendor":9,"epss_severity":434,"epss_score":435,"severity":436,"severity_score":437,"severity_version":438,"severity_source":439,"severity_vector":440,"severity_status":431},false,"low",0.00009,"critical",9.4,"v4.0","cve.org","CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",[442,447],{"url":443,"sources":444,"tags":446},"https://github.com/googleapis/mcp-toolbox/issues/3113",[439,445],"nvd",[],{"url":448,"sources":449,"tags":450},"https://github.com/googleapis/mcp-toolbox/pull/2254",[439,445],[],[],{"date":453,"score":435,"percentile":454},"2026-06-13",0.00875,[456],{"date":453,"score":435,"percentile":454},[458,461],{"source":439,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":459},{"baseScore":437,"baseSeverity":460,"vectorString":440,"impactScore":9,"exploitabilityScore":9},"CRITICAL",{"source":445,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":462},{"baseScore":437,"baseSeverity":460,"vectorString":463,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",[465],{"ecosystem":9,"name":466,"vendor":467,"product":468,"cpe_part":469,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":470},"MCP Toolbox for Databases","google","mcp toolbox for databases","a",[471],{"version":472,"is_range":473,"range_type":439,"version_start":9,"version_start_type":9,"version_end":474,"version_end_type":475,"fixed_in":9},"\u003C 0.25.0",true,"0.25.0","excluding"]