CVE-2026-11717: CRITICAL vuln in googleapis/mcp-toolbox v1.0.0. Improper auth check lets tokens without 'active' field bypass controls — unauthorized access risk. Patch unconfirmed, monitor advisories: https://radar.offseq.com/threat/cve-2026-11717-cwe-287-improper-authentication-in--13893f570bf80e27 #OffSeq #CVE202611717 #OAuth2 #CloudSecurity