CVE-2026-10277
Severity CVSS v4.0:
LOW
Type:
Unavailable / Other
Publication date:
01/06/2026
Last modified:
02/06/2026
Description
A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The patch is named 89c091ecf8b9f9c7291d1af0b1966e271f86551c. It is suggested to install a patch to address this issue.
Impact
Base Score 4.0
2.10
Severity 4.0
LOW
Base Score 3.x
6.30
Severity 3.x
MEDIUM
Base Score 2.0
6.50
Severity 2.0
MEDIUM
References to Advisories, Solutions, and Tools
- https://github.com/j3k0/mcp-google-workspace/
- https://github.com/j3k0/mcp-google-workspace/commit/89c091ecf8b9f9c7291d1af0b1966e271f86551c
- https://github.com/j3k0/mcp-google-workspace/issues/19
- https://github.com/j3k0/mcp-google-workspace/pull/22
- https://vuldb.com/cve/CVE-2026-10277
- https://vuldb.com/submit/825416
- https://vuldb.com/vuln/367570
- https://vuldb.com/vuln/367570/cti



