CVE-2026-10277
j3k0 mcp-google-workspace MCP Gmail Tool gmail.ts saveToDisk access control
A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The patch is named 89c091ecf8b9f9c7291d1af0b1966e271f86551c. It is suggested to install a patch to address this issue.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
j3k0 · mcp-google-workspacepublic PoCs found — 1
cve_referencegithub.com/j3k0/mcp-google-workspace/issues/19unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/j3k0/mcp-google-workspace/https://github.com/j3k0/mcp-google-workspace/commit/89c091ecf8b9f9c7291d1af0b1966e271f86551chttps://github.com/j3k0/mcp-google-workspace/issues/19https://github.com/j3k0/mcp-google-workspace/pull/22https://vuldb.com/cve/CVE-2026-10277https://vuldb.com/submit/825416https://vuldb.com/vuln/367570https://vuldb.com/vuln/367570/cti