Google
CVE-2026-2274
Lifecycle Timeline
2DescriptionCVE.org
A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster.
This vulnerability was patched and no customer action is needed.
AnalysisAI
A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet versions up to 2025-11 is affected by server-side request forgery (ssrf).
Technical ContextAI
This vulnerability (CWE-918: Server-Side Request Forgery (SSRF)) affects A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet. A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster.
This vulnerability was patched and no customer action is needed.
Affected ProductsAI
Product: A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet. Versions: up to 2025-11.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today