8.6
Google Cloud Build with GitHub Integration Allows Malicious Code Execution
CVE-2026-3136
Summary
A security weakness in Google Cloud Build's GitHub integration allowed a hacker to run malicious code on a build server. This only affected users who used Cloud Build with GitHub before January 26, 2026. Google fixed the issue and no action is needed from customers.
What to do
Google patched this vulnerability on 26 January 2026, and no customer action is needed.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| | cloud_build | <= 2026-1-26 | – |
Original title
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment.
This...
Original description
An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment.
This vulnerability was patched on 26 January 2026, and no customer action is needed.
nvd CVSS3.1
9.8
nvd CVSS4.0
8.6
Vulnerability type
CWE-863
Incorrect Authorization
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026