CVE-2026-11718
Received - Intake
Authentication Bypass in MCP Toolbox via OAuth Token Validation

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: Google Inc.

Description
An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), it decodes the response into an introspectResp struct. However, the subsequent claim-checking logic (validateClaims) evaluates the issuer condition as if a.issuer != "" && iss != "". If the external OAuth provider's introspection response omits the optional iss (issuer) field completely, the variable iss defaults to an empty string. This causes the conditional block to evaluate to false and be skipped silently. Consequently, the application accepts tokens issued by unauthorized or unintended third-party identity providers.
CVSS Scores: none listed
EPSS Scores: none listed (EPSS Evaluated: N/A)
Meta Information
Generated: 2026-06-19
Affected Vendors & Products (1 associated CPE)
Vendor: googleapis
Product: mcp_toolbox
Version / Range: 1.4.0
CWE
CWE-287 (Improper Authentication): When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Compliance Impact

The vulnerability allows authentication bypass by accepting tokens issued by unauthorized or unintended third-party identity providers due to improper issuer validation.

This flaw can lead to unauthorized access to protected resources, which may result in violations of security requirements mandated by common standards and regulations such as GDPR and HIPAA.

Specifically, failure to properly validate token issuers undermines the integrity of authentication mechanisms, potentially exposing sensitive personal or health data to unauthorized parties, thereby impacting compliance with data protection and privacy regulations.

Executive Summary

This vulnerability is an authentication bypass in googleapis/mcp-toolbox in the path that validates opaque tokens. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint (RFC 7662), it decodes the response and then compares the response's issuer with the configured one. That comparison is only executed when the response actually carries an iss value. If the introspection response omits the optional iss field, the issuer check is skipped entirely and the token is accepted, so tokens from an issuer the operator never intended to trust pass validation.

The root cause is that the issuer comparison is gated on the claim being present in the response rather than on an issuer being configured: the condition reads as "configured issuer is set AND response issuer is set", so an absent iss turns a required check into a no-op instead of a rejection.

Impact Analysis

An attacker can bypass the configured issuer restriction by presenting a token for which the introspection endpoint returns "active": true but no iss claim. The practical scenario is a provider whose introspection endpoint serves more than one issuer or tenant: the configured issuer was the only thing distinguishing the intended identity provider from the others, and with that check silently skipped, a token minted for a different tenant is accepted. Note that the token must still be reported as active by the introspection endpoint the toolbox is configured to call; the flaw does not let an arbitrary forged string through.

The result is unauthorized access to the tools and data sources the toolbox fronts, with the attendant risk of data exposure and loss of integrity for any application relying on this validation path.

Detection Guidance

Detection has two parts: confirming whether your deployment runs an affected build, and confirming whether the issuer check is actually being enforced against your provider.

First, compare the installed toolbox version against the affected-product entry on this page and the upstream advisory.

Second, exercise the validator against a controlled introspection endpoint that returns {"active": true} with no iss field for a token from an issuer other than the configured one. An affected build accepts the token; a fixed build rejects it.

Third, capture real introspection responses from your provider (for example with curl against the introspection endpoint using a known-good token, or with tcpdump or a TLS-terminating proxy on the path between the toolbox and the provider) and check whether iss is present at all. If your provider never includes iss in introspection responses, the configured issuer check has never been enforced in an affected build, and the deployment has been relying on the provider alone to scope which tokens are active. Enabling the toolbox's debug logging, where available, lets you correlate accepted tokens with the responses that authorized them.

Mitigation Strategies

To mitigate this vulnerability, update googleapis/mcp-toolbox to the release that enforces issuer presence and matching during opaque token validation. This page names 1.4.0 as the fixed version while its affected-product entry also lists 1.4.0, so confirm the exact fixed release against the upstream advisory rather than relying on the version number here.

With the fix, if an issuer is configured for token validation, the introspection response must carry iss and it must match; a missing iss is treated as a mismatch and the token is rejected.

Additionally, review your token validation configuration: make sure an issuer is configured wherever the introspection endpoint can report tokens from more than one issuer, check that your provider actually emits iss in introspection responses (if it cannot, restrict at the provider which clients or tenants the introspection endpoint will report as active), and keep audience checks in place so that issuer validation is not the only control.
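As an added illustration for the detection and mitigation guidance above (this is example code written for this page, not code from googleapis/mcp-toolbox), the flawed issuer gate is shown beside the enforced one and both are exercised through a constructed RFC 7662 introspection exchange. The struct and function names, the token values, the issuer URLs and the mock endpoint are all assumptions of this example; the three token records model the intended issuer, a second tenant on the same provider, and a record that omits iss.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// introspectResp models the RFC 7662 response fields this example uses.
// The type and field names are this example's own, not the project's.
type introspectResp struct {
	Active bool   `json:"active"`
	Iss    string `json:"iss,omitempty"`
	Sub    string `json:"sub,omitempty"`
}

// vulnerableIssuerOK reproduces the flawed gate described in the advisory:
// the comparison only runs when the response carried an iss claim, so a
// response without iss is accepted whatever issuer was configured.
func vulnerableIssuerOK(configuredIssuer string, r introspectResp) bool {
	if !r.Active {
		return false
	}
	if configuredIssuer != "" && r.Iss != "" {
		if r.Iss != configuredIssuer {
			return false
		}
	}
	return true
}

// hardenedIssuerOK applies the behaviour the fix is described as enforcing:
// when an issuer is configured, iss must be present and must match.
func hardenedIssuerOK(configuredIssuer string, r introspectResp) bool {
	if !r.Active {
		return false
	}
	if configuredIssuer != "" && r.Iss != configuredIssuer {
		return false // a missing iss compares as "" and is rejected too
	}
	return true
}

// newMockIntrospectionServer is a constructed RFC 7662 endpoint (assumption of
// this example) that knows three tokens and reports everything else inactive.
func newMockIntrospectionServer() *httptest.Server {
	records := map[string]introspectResp{
		"tok-good":   {Active: true, Iss: "https://idp.example.com/tenant-a", Sub: "alice"},
		"tok-other":  {Active: true, Iss: "https://idp.example.com/tenant-b", Sub: "mallory"},
		"tok-no-iss": {Active: true, Sub: "mallory"},
	}
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		if req.Method != http.MethodPost || req.ParseForm() != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		r, ok := records[req.PostForm.Get("token")]
		if !ok {
			r = introspectResp{Active: false} // RFC 7662 section 2.2: unknown tokens are inactive
		}
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(r)
	}))
}

// introspect performs the RFC 7662 client call and decodes the JSON response.
func introspect(endpoint, token string) (introspectResp, error) {
	form := url.Values{"token": {token}}
	resp, err := http.Post(endpoint, "application/x-www-form-urlencoded", strings.NewReader(form.Encode()))
	if err != nil {
		return introspectResp{}, err
	}
	defer resp.Body.Close()
	var r introspectResp
	err = json.NewDecoder(resp.Body).Decode(&r)
	return r, err
}

// Verdict records how each check judged one token.
type Verdict struct {
	Token      string
	Vulnerable bool
	Hardened   bool
}

// Evaluate runs every token through the mock endpoint and both checks.
func Evaluate(configuredIssuer string) ([]Verdict, error) {
	srv := newMockIntrospectionServer()
	defer srv.Close()
	var out []Verdict
	for _, tok := range []string{"tok-good", "tok-other", "tok-no-iss", "tok-unknown"} {
		r, err := introspect(srv.URL, tok)
		if err != nil {
			return nil, err
		}
		out = append(out, Verdict{tok, vulnerableIssuerOK(configuredIssuer, r), hardenedIssuerOK(configuredIssuer, r)})
	}
	return out, nil
}

func main() {
	verdicts, err := Evaluate("https://idp.example.com/tenant-a")
	if err != nil {
		panic(err)
	}
	for _, v := range verdicts {
		fmt.Printf("%-12s vulnerable=%-5v hardened=%v\n", v.Token, v.Vulnerable, v.Hardened)
	}
}
```

Only the tok-no-iss row differs between the two columns: both checks accept the intended issuer, both reject the other tenant when iss is present, and both reject the unknown token because the endpoint reports it inactive. The same mock endpoint can be pointed at a real validator in a test environment to confirm that a deployed build rejects the no-iss case.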
