{"uuid": "2660f72c-851d-4ff9-8afd-fddc613ea82e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-9739", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116649259043709670", "content": "\ud83d\udea8 CRITICAL: CVE-2026-9739 in Google MCP Toolbox for Databases (CVSS 9.4) allows DNS rebinding via a permissive cross-domain policy in SSE. No patch yet \u2014 restrict untrusted domains & monitor advisories. https://radar.offseq.com/threat/cve-2026-9739-cwe-942-permissive-cross-domain-poli-e5d6e88a #OffSeq #CVE #Infosec #Google", "creation_timestamp": "2026-05-28T00:00:39.272255Z"}