Skip to main content

Colab Enterprise

1 CVEs product

Monthly

CVE-2026-14934 CRITICAL PATCH Act Now

Cross-tenant privilege escalation in the repository creation functionality shared by Google Cloud BigQuery, Dataform, and Colab Enterprise allowed an authenticated GCP user to take over repositories belonging to other tenants. Rated CVSS 4.0 9.4 (critical) with a scope-changing cross-tenant impact, the flaw was a Missing Authorization (CWE-862) issue affecting the managed services between October 2025 and 10 May 2026. Google reports no public exploit identified at time of analysis; the defect was fixed server-side on 10 May 2026 with no customer action required.

Authentication Bypass Google Bigquery Dataform Colab Enterprise
NVD VulDB
CVSS 4.0
9.4
EPSS
0.2%
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Cross-tenant privilege escalation in the repository creation functionality shared by Google Cloud BigQuery, Dataform, and Colab Enterprise allowed an authenticated GCP user to take over repositories belonging to other tenants. Rated CVSS 4.0 9.4 (critical) with a scope-changing cross-tenant impact, the flaw was a Missing Authorization (CWE-862) issue affecting the managed services between October 2025 and 10 May 2026. Google reports no public exploit identified at time of analysis; the defect was fixed server-side on 10 May 2026 with no customer action required.

Authentication Bypass Google Bigquery +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy