A critical vulnerability (CVE-2026-0257) has been identified in the MCP Toolbox, affecting its integration with enterprise database connectors. This flaw allows malicious websites to bypass security controls, exposing networks to session hijacking risks. The underlying issue stems from a hardcoded access control header that overrides CORS policies, enabling unauthorized access to local servers. The recommended fix involves removing the problematic header to restore secure origin permissions, thereby protecting sensitive infrastructure.
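To make the mechanism concrete, here is an added example (not code from MCP Toolbox or from the article) that models a handler hardcoding a CORS response header underneath an origin allowlist, then the same handler with the header removed. It assumes the header is `Access-Control-Allow-Origin: *`, which the article does not state; the handler names, origins and `/mcp` path are constructed.

```python
# Added illustration: names, origins and the /mcp path are constructed,
# and "Access-Control-Allow-Origin: *" is an assumed header value.
ALLOWED_ORIGINS = {"http://localhost:3000"}  # constructed allowlist
ACAO = "Access-Control-Allow-Origin"

def cors_policy(app):
    """Middleware: echo Origin back only when it is on the allowlist."""
    def wrapped(environ, start_response):
        def start(status, headers, exc_info=None):
            origin = environ.get("HTTP_ORIGIN")
            if origin in ALLOWED_ORIGINS:
                headers = headers + [(ACAO, origin), ("Vary", "Origin")]
            return start_response(status, headers, exc_info)
        return app(environ, start)
    return wrapped

def vulnerable_handler(environ, start_response):
    # Hardcoded header: sent to every caller, whatever the allowlist says.
    start_response("200 OK", [("Content-Type", "application/json"), (ACAO, "*")])
    return [b'{"tools": []}']

def fixed_handler(environ, start_response):
    # Header removed: only cors_policy decides which origins are named.
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'{"tools": []}']

def call(app, origin):
    """Invoke a WSGI app in-process and return its response headers."""
    captured = []
    def start_response(status, headers, exc_info=None):
        captured.extend(headers)
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/mcp", "HTTP_ORIGIN": origin}
    b"".join(app(environ, start_response))
    return captured

def browser_allows_read(origin, headers):
    """Simplified browser CORS check for a request without credentials."""
    values = [v for k, v in headers if k.lower() == ACAO.lower()]
    # Browsers reject a response carrying more than one ACAO header.
    return len(values) == 1 and values[0] in ("*", origin)

def audit(app, origins):
    """Map each origin to whether a page on it could read the response."""
    return {o: browser_allows_read(o, call(app, o)) for o in origins}

if __name__ == "__main__":
    origins = ["https://untrusted.example", "http://localhost:3000"]
    print("hardcoded:", audit(cors_policy(vulnerable_handler), origins))
    print("removed:  ", audit(cors_policy(fixed_handler), origins))
```

With the hardcoded header the untrusted origin passes the check, while the allowlisted origin fails it because the response then carries two `Access-Control-Allow-Origin` headers.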
CVE-2026-0257 flaw in MCP Toolbox allows site-based session hijack
Article by CyberSIXT
Timeline Coverage
- CVE-2026-0257 flaw lets hackers bypass Palo Alto VPN auth (darkreading.com)
- CVE-2026-0257 Cache Warmer RCE Bug Hits (securityonline.info)
- Palo Alto PANOS flaw exploited days after patch release (securityweek.com)
- CISA flags PAN-OS flaw CVE-2026-0257 as attackers bypass VPN auth (securityaffairs.com)
- Attackers Exploit CVE-2026-0257 in Palo Alto GlobalProtect VPN (infosecurity-magazine.com)
- Critical Langroid Vulnerability Allows RCE via Prompt Injection (securityonline.info)
- Critical FreeBSD Kernel Buffer Overflow Disclosed: Public Details & PoC Out (securityonline.info)
- CVE-2026-0257 flaw lets attackers hijack Palo Alto VPN logins (securityaffairs.com)
- CVE-2026-0257 flaw in MCP Toolbox allows site based session hijack (securityonline.info)
- PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation (thehackernews.com)
- Critical PANOS Flaw Lets Attackers Bypass Authentication (securityonline.info)
- CISA Adds Palo Alto PAN OS Auth Bypass CVE-2026-0257 to KEV List (cisa.gov)