Skip to main content

Cloud Console Uis

1 CVEs product

Monthly

CVE-2026-8934 MEDIUM PATCH This Month

Cross-project App Engine request log leakage in Google Cloud Console's GraphQL private API exposed sensitive telemetry data to unauthenticated remote attackers. The vulnerability, classified as CWE-862 (Missing Authorization), allowed a specially crafted GraphQL request to bypass authorization controls on the App Engine section of Cloud Console, enabling read access to request logs belonging to arbitrary GCP projects. Google applied a server-side fix on 7 April 2026; no public exploit or KEV listing has been identified at time of analysis.

Authentication Bypass Google Cloud Console Uis
NVD
CVSS 4.0
6.9
EPSS
0.4%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Cross-project App Engine request log leakage in Google Cloud Console's GraphQL private API exposed sensitive telemetry data to unauthenticated remote attackers. The vulnerability, classified as CWE-862 (Missing Authorization), allowed a specially crafted GraphQL request to bypass authorization controls on the App Engine section of Cloud Console, enabling read access to request logs belonging to arbitrary GCP projects. Google applied a server-side fix on 7 April 2026; no public exploit or KEV listing has been identified at time of analysis.

Authentication Bypass Google Cloud Console Uis
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy