mcp-toolbox

v1.3.0 Feature

This release adds 4 notable features for engineering teams evaluating rollout.

Published 13d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

agent agents ai bigquery clickhouse cockroachdb

+14 more

database elasticsearch firestore genai llm mcp mongodb mysql oracle postgresql redis server spanner tidb

Affected surfaces

auth rce_ssrf

ReleasePort's take

Moderate signal

editorial:auto 13d

MCP Toolbox 1.3.0 patches path traversal in HTTP tools, enforces auth boundaries on tool/prompt access, and fixes auth expiration handling. This release includes six bugfixes addressing security, access control, and data handling.

Why it matters: Path traversal prevention in HTTP tools closes a potential vulnerability; auth boundary enforcement and expiration fixes prevent unauthorized access. New cloud-sql-admin tools enable additional integrations. Test in dev before production deployment.

Summary

AI summary

Updates Bug Fixes, 1.3.0, and 2026-05-21 across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Medium	Implement MCP auth tool-level scopes validation. Implement MCP auth tool-level scopes validation. Source: llm_adapter@2026-05-22 Confidence: high	—
Feature	Medium	Propagate client IP from incoming MCP requests to downstream SDK calls. Propagate client IP from incoming MCP requests to downstream SDK calls. Source: llm_adapter@2026-05-22 Confidence: high	—
Feature	Medium	Setup SQLCommenter and allow client metadata. Setup SQLCommenter and allow client metadata. Source: llm_adapter@2026-05-22 Confidence: high	—
Feature	Medium	Add cloud-sql-admin-execute-sql-many and cloud-sql-admin-sql-many tools. Add cloud-sql-admin-execute-sql-many and cloud-sql-admin-sql-many tools. Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix
Bugfix	Medium	Fix generic auth expiration field and integration with authRequired. Fix generic auth expiration field and integration with authRequired. Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	Enforce toolset/promptset boundary on tools/call and prompts/get. Enforce toolset/promptset boundary on tools/call and prompts/get. Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	Prevent path traversal and base path scope escape in HTTP tools. Prevent path traversal and base path scope escape in HTTP tools. Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	Return a 401 error to MCP client when Looker returns a 401. Return a 401 error to MCP client when Looker returns a 401. Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	Strip wrapping quotes from filter values for unquoted parameters in Looker tools. Strip wrapping quotes from filter values for unquoted parameters in Looker tools. Source: llm_adapter@2026-05-22 Confidence: high	—
Bugfix	Medium	Initialize query result slices to empty array. Initialize query result slices to empty array. Source: llm_adapter@2026-05-22 Confidence: low	—

Full changelog

1.3.0 (2026-05-21)

Features

auth: Implement MCP auth tool-level scopes validation (#3049) (c528985)
looker: Propagate client IP from incoming MCP requests to downstream SDK calls (#3253) (75da6c2)
Setup SQLCommenter and allow client metadata (#3064) (9f1f9b3)
tool/cloudsqladmin: Add cloud-sql-admin-execute-sql-many and cloud-sql-admin-sql-many (#3083) (ef300a8)

Bug Fixes

auth/generic: Fix generic auth expiration field and integration with authRequired (#3251) (f4d16c0)
Enforce toolset/promptset boundary on tools/call and prompts/get (#3036) (c739b80)
tools/http: Prevent path traversal and base path scope escape (#3218) (80a6602)
tools/looker: Return a 401 error to MCP client when Looker returns a 401 (#3233) (4f409a3)
tools/looker: Strip wrapping quotes from filter values for unquoted parameters (#3273) (1e3de96)
tools: Initialize query result slices to empty array (#3250) (60ddf48)

| OS/Architecture | Description | SHA256 Hash |
| --------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------- |
| linux/amd64 | For Linux systems running on Intel/AMD 64-bit processors. | 08e00671737ff4fd6c7af25a1a0c5da43b3657c4a435fd0a381757876d694b45 |
| darwin/arm64 | For macOS systems running on Apple Silicon (M1, M2, M3, etc.) processors. | b16ea9f864b0b9c711dff0b08a663e6dee5969b41033fe6d05412dc04e85cfb8 |
| darwin/amd64 | For macOS systems running on Intel processors. | 94d6fd02a4bbc67ad9dcf69d5f36af5a584735d2fb2ebb0023e91cb701e7a98a |
| windows/amd64 | For Windows systems running on Intel/AMD 64-bit processors. | 4661004b9cd37ea258d82332a24b3955fd9a258a5b8b6da471584cd7cb3de35d |

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track mcp-toolbox

Get notified when new releases ship.

About mcp-toolbox

MCP Toolbox for Databases is an open source MCP server for databases.

All releases →