A vulnerability was found in Google MCP Toolbox for Databases up to 1.3.0 . It has been classified as critical . Affected is an unknown function. Performing a manipulation of the argument iss results in improper authentication. This vulnerability is known as CVE-2026-11718 . Remote exploitation of the attack is possible. No exploit is available.