Google BigQuery CVE-2026-3259 | EUVD-2026-25203 | HIGH

Error Message Information Leak (CWE-209)
2026-04-23 | GoogleCloud | GHSA-g3wg-j2ff-prcp
CVSS 4.0: 7.1

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Patch available: Apr 23, 2026 - 11:01 (EUVD)
Analysis Generated: Apr 23, 2026 - 10:31 (vuln.today)
CVSS changed: Apr 23, 2026 - 10:22 (NVD), 7.1 (HIGH)

Description (NVD)

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error during the refresh process.

This vulnerability was patched on 29 January 2026, and no customer action is needed.

Analysis (AI)

Information disclosure in Google BigQuery materialized view refresh allows authenticated users to extract sensitive data via crafted views that generate error messages containing confidential information. Google Cloud Platform patched this server-side vulnerability on 29 January 2026 with automatic remediation requiring no customer action. …


Remediation (AI)

Within 24 hours: Confirm BigQuery environment is running post-29 January 2026 patched infrastructure by checking GCP console for service status and reviewing recent audit logs for materialized view refresh errors. Within 7 days: Conduct access review of all BigQuery datasets to identify users who created or modified materialized views during the vulnerability exposure period; check Cloud Audit Logs for suspicious view creation patterns. …
