{"vulnerability": "cve-2026-1171", "sightings": [{"uuid": "ca834db4-a672-48c2-a81b-1f14a9184850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11718", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mokvs5esly2y", "content": "CVE-2026-11718 - Google Cloud Token Validation Authentication Bypass\nCVE ID : CVE-2026-11718\n \n Published : June 18, 2026, 11:52 a.m. | 1\u00a0hour, 16\u00a0minutes ago\n \n Description : An authentication bypass vulnerability exists in the generic opaque token validation path (validateOp...", "creation_timestamp": "2026-06-18T13:13:13.478050Z"}, {"uuid": "27ced20f-9eec-4625-8044-3b65f6e44c76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11717", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mokw33ts7e2e", "content": "CVE-2026-11717 - Google Cloud Platform OAuth Authentication Bypass\nCVE ID : CVE-2026-11717\n \n Published : June 18, 2026, 11:50 a.m. | 1\u00a0hour, 18\u00a0minutes ago\n \n Description : An authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaq...", "creation_timestamp": "2026-06-18T13:18:13.684820Z"}, {"uuid": "891d4e8e-447b-4fd4-a0db-0010a5cdc2df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11719", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mokx6vrkz32w", "content": "CVE-2026-11719 - MCP Toolbox for Databases Authorization Bypass\nCVE ID : CVE-2026-11719\n \n Published : June 18, 2026, 11:55 a.m. | 1\u00a0hour, 14\u00a0minutes ago\n \n Description : An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing sco...", "creation_timestamp": "2026-06-18T13:38:15.495092Z"}, {"uuid": "dd43ec3c-23b7-499a-a600-5e82d4a44911", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11718", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mokygbvzep2c", "content": "Critical auth bypass in Google MCP Toolbox for Databases v1.0.0 (CVE-2026-11718). Flawed token validation can allow unauthorized access. Do not use v1.0.0 in production; monitor for patches. https://radar.offseq.com/threat/cve-2026-11718-cwe-287-improper-authentication-in--680f47148b06b96d #OffSe...", "creation_timestamp": "2026-06-18T14:00:17.378276Z"}, {"uuid": "bd284468-f7a5-4f98-bdd7-62c96236c63c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11718", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116771469042261685", "content": "CVE-2026-11718 (CRITICAL): Google MCP Toolbox for Databases v1.0.0 has an auth bypass flaw in token validation. Issuer checks can be skipped, enabling unauthorized access. Avoid v1.0.0 &amp; monitor for fixes. https://radar.offseq.com/threat/cve-2026-11718-cwe-287-improper-authentication-in--680f47148b06b96d #OffSeq #CVE202611718 #infosec #oauth2", "creation_timestamp": "2026-06-18T14:00:30.755198Z"}, {"uuid": "94adfdb2-4873-47e6-b1f4-29b966975af0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11717", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mol5hf2ood27", "content": "CRITICAL severity: googleapis/mcp-toolbox v1.0.0 lets tokens missing 'active' bypass auth checks \u2014 risking unauthorized access. No fix yet. Monitor vendor updates for remediation. https://radar.offseq.com/threat/cve-2026-11717-cwe-287-improper-authentication-in--13893f570bf80e27 #OffSeq #CloudSec...", "creation_timestamp": "2026-06-18T15:30:22.913987Z"}, {"uuid": "d38b4e06-5b5a-4fac-8889-74947ea096f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-11717", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116771823299071551", "content": "CVE-2026-11717: CRITICAL vuln in googleapis/mcp-toolbox v1.0.0. Improper auth check lets tokens without 'active' field bypass controls \u2014 unauthorized access risk. Patch unconfirmed, monitor advisories: https://radar.offseq.com/threat/cve-2026-11717-cwe-287-improper-authentication-in--13893f570bf80e27 #OffSeq #CVE202611717 #OAuth2 #CloudSecurity", "creation_timestamp": "2026-06-18T15:30:29.805444Z"}, {"uuid": "34648701-cc59-4f2f-beb0-bd72bb0b3a68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-11712", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ibm-websphere-products-multiple-vulnerabilities_20260702", "content": "", "creation_timestamp": "2026-07-02T08:28:22.598026Z"}, {"uuid": "93e2125b-7388-471b-a9e0-259149673ebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-11714", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ibm-websphere-products-multiple-vulnerabilities_20260702", "content": "", "creation_timestamp": "2026-07-02T08:28:26.887193Z"}, {"uuid": "e29f6d74-549e-427d-9cfa-8f7db6ac08b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11712", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpq3olhqew23", "content": "\ud83d\udccc CVE-2026-11712 - IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system. https://www.cyberhub.blog/cves/CVE-2026-11712", "creation_timestamp": "2026-07-03T08:07:07.344386Z"}, {"uuid": "20a9f02c-2f86-48ba-bdda-c3c8aabb8a48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11712", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqcg5hfj22b", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-11712 \u0432 IBM WebSphere Application Server: \u0443\u0433\u0440\u043e\u0437\u0430 XSS \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/78FAD860-9399-48AF-A983-A19E6F490087", "creation_timestamp": "2026-07-03T10:07:39.621263Z"}, {"uuid": "d31e38c2-7d52-4029-8783-eb5ba834318c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11714", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqcgr7uy326", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-11714 \u0432 IBM WebSphere Application Server: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/463B2F6B-B5DF-445B-BC83-8FFA991DFD30", "creation_timestamp": "2026-07-03T10:08:00.626230Z"}, {"uuid": "e43fa022-1f0f-4655-b4ad-395e24e0adc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11712", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mpwyugys2y22", "content": "IBM WebSphere vulnerabilities like CVE-2026-11712 expose servers to severe XSS and path traversal attacks. Patch systems immediately.\n\n#IBM #WebSphere #CyberSecurity #CVE202611712", "creation_timestamp": "2026-07-06T02:05:21.838053Z"}, {"uuid": "1c1e5282-14d2-4202-8529-b257f255951d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11714", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqlvtmvlee2s", "content": "\ud83d\udccc CVE-2026-11714 - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-... https://www.cyberhub.blog/cves/CVE-2026-11714", "creation_timestamp": "2026-07-14T09:37:06.276528Z"}]}