Skip to main content

Apigee X

1 CVEs product

Monthly

CVE-2026-2264 CRITICAL PATCH Act Now

Server-Side Request Forgery in Google Cloud Apigee-X's SetIntegrationRequest policy enables remote attackers to coerce the API gateway into making attacker-controlled requests and exfiltrate service account access tokens from the underlying GCP metadata service. The flaw affects Apigee-X versions prior to 1.14.4, 1.15.2, and 1.16.1, but exploitation requires an administrator to have first deployed an API proxy with an insecure configuration. With no public exploit identified and a low EPSS score of 0.14%, the issue carries CVSS 9.2 severity primarily due to the high confidentiality and integrity impact on cloud credentials.

Google SSRF Apigee X
NVD
CVSS 4.0
9.2
EPSS
0.1%
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Server-Side Request Forgery in Google Cloud Apigee-X's SetIntegrationRequest policy enables remote attackers to coerce the API gateway into making attacker-controlled requests and exfiltrate service account access tokens from the underlying GCP metadata service. The flaw affects Apigee-X versions prior to 1.14.4, 1.15.2, and 1.16.1, but exploitation requires an administrator to have first deployed an API proxy with an insecure configuration. With no public exploit identified and a low EPSS score of 0.14%, the issue carries CVSS 9.2 severity primarily due to the high confidentiality and integrity impact on cloud credentials.

Google SSRF Apigee X
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy