A critical path traversal vulnerability in Google’s MCP Toolbox for Databases allows unauthorized access to sensitive internal API endpoints, posing a severe risk of credential and data exposure.

The vulnerability exists in the HTTP tool URL builder, which fails to properly sanitize user-supplied path parameters before resolution. An unauthenticated attacker can exploit this by injecting directory traversal sequences (../) to escape the intended API path, effectively coercing the service to access sensitive endpoints while utilizing configured credentials.

The ability to bypass path-level authorization enables attackers to perform unauthorized actions or exfiltrate sensitive data, such as administrative secrets. With a CVSS score of 9.3, this flaw represents a critical risk to the confidentiality and integrity of database-connected services, potentially leading to a complete compromise of the backend infrastructure.

Immediate Action: Update the googleapis/mcp-toolbox component to the latest patched version provided by Google.

Proactive Monitoring: Review application access logs for anomalous requests containing directory traversal patterns or unexpected API path access attempts.

Compensating Controls: Implement strict input validation at the API gateway level to block requests containing sequences that attempt to traverse outside of authorized directory scopes.

Public Exploit Available: false

Given the critical nature of this path traversal vulnerability and the potential for unauthorized access to sensitive administrative interfaces, organizations must treat this as a high-priority remediation task. Apply the vendor-supplied updates immediately and audit API configurations to ensure that restricted paths remain protected from unauthorized traversal attempts.