Skip to main content

Dialogflow CX CVE-2026-4764

| EUVDEUVD-2026-36221 CRITICAL
Missing Authorization (CWE-862)
2026-06-11 GoogleCloud GHSA-6c66-33pw-q83j
9.4
CVSS 4.0 · Vendor: GoogleCloud
Share

Severity by source

Vendor (GoogleCloud) PRIMARY
9.4 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
vuln.today AI
9.9 CRITICAL

Network-reachable Google API (AV:N), no special conditions beyond a low-tier Dialogflow role (AC:L, PR:L), no user interaction, and impact crosses from the service to the entire GCP project (S:C with C/I/A:H).

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (GoogleCloud).

CVSS VectorVendor: GoogleCloud

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jun 11, 2026 - 13:01 EUVD
Analysis Generated
Jun 11, 2026 - 11:54 vuln.today

DescriptionCVE.org

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import.

This vulnerability was patched on 15 March 2026, and no customer action is needed.

AnalysisAI

Privilege escalation in Google Cloud Dialogflow CX allows authenticated users holding specific IAM roles to abuse the playbook import functionality and potentially take over the entire GCP project. Google has confirmed the issue was patched server-side on 15 March 2026 with no customer action required, and no public exploit has been identified at time of analysis.

Technical ContextAI

Dialogflow CX is Google Cloud's advanced conversational AI platform for building virtual agents, where 'playbooks' are reusable configurations describing agent behavior that can be imported between projects. The root cause maps to CWE-862 (Missing Authorization): the playbook import code path failed to enforce a sufficient authorization check on the importing principal, allowing a caller with lower-tier Dialogflow roles to perform actions that should have been gated behind project-level permissions. The CPE cpe:2.3:a:google_cloud:dialogflow_cx confirms the flaw lives in the managed cloud service rather than a downloadable component, meaning fix deployment is centralized at Google.

RemediationAI

Patch available per vendor advisory: Google has remediated the playbook import authorization check in the managed Dialogflow CX service as of 15 March 2026, and the official guidance in https://docs.cloud.google.com/dialogflow/docs/release-notes#May_07_2026 explicitly states no customer action is required. Customers concerned about prior exposure should still review Cloud Audit Logs for unexpected dialogflow.googleapis.com playbook import calls performed by lower-privileged principals between service GA and 15 March 2026, and tighten IAM bindings so that only trusted principals hold Dialogflow editor-tier roles in production projects - the trade-off being added friction for legitimate conversational-AI developers.

Share

CVE-2026-4764 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy