Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 01 Jun 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 01 Jun 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The patch is named 89c091ecf8b9f9c7291d1af0b1966e271f86551c. It is suggested to install a patch to address this issue. | |
| Title | j3k0 mcp-google-workspace MCP Gmail Tool gmail.ts saveToDisk access control | |
| First Time appeared |
J3k0
J3k0 mcp-google-workspace |
|
| Weaknesses | CWE-266 CWE-284 |
|
| CPEs | cpe:2.3:a:j3k0:mcp-google-workspace:*:*:*:*:*:*:*:* | |
| Vendors & Products |
J3k0
J3k0 mcp-google-workspace |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-06-01T19:34:35.621Z
Reserved: 2026-05-31T16:06:06.795Z
Link: CVE-2026-10277
Updated: 2026-06-01T19:34:30.267Z
Status : Deferred
Published: 2026-06-01T19:16:20.240
Modified: 2026-06-02T13:03:31.153
Link: CVE-2026-10277
No data.
OpenCVE Enrichment
Updated: 2026-06-02T20:53:32Z