Skip to main content

Apigee

1 CVEs product

Monthly

CVE-2026-12879 MEDIUM PATCH This Month

Cross-tenant data exfiltration in Google Cloud Apigee (versions prior to 2026-06-12) is possible via improper input validation in the BigQuery Data Access Object (DAO) component. An authenticated attacker with high-privilege access can craft requests that bypass tenant isolation boundaries, accessing confidential data belonging to other Apigee tenants on Google Cloud Platform. Google patched this server-side on June 12, 2026 with no customer action required; no public exploit or CISA KEV listing has been identified at time of analysis.

Information Disclosure Google Apigee
NVD
CVSS 4.0
5.9
EPSS
0.2%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Cross-tenant data exfiltration in Google Cloud Apigee (versions prior to 2026-06-12) is possible via improper input validation in the BigQuery Data Access Object (DAO) component. An authenticated attacker with high-privilege access can craft requests that bypass tenant isolation boundaries, accessing confidential data belonging to other Apigee tenants on Google Cloud Platform. Google patched this server-side on June 12, 2026 with no customer action required; no public exploit or CISA KEV listing has been identified at time of analysis.

Information Disclosure Google Apigee
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy