Google AppSheet: Sensitive Local File Read and Network Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.5

Google AppSheet: Sensitive Local File Read and Network Access

CVE-2026-2274

Summary

A security issue in Google AppSheet (before November 23, 2022) allowed an attacker with a user account to read sensitive files and access internal network resources. However, this issue has been fixed and no action is required from customers. You do not need to take any steps to address this vulnerability.

Original title

Original description

A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster.

This vulnerability was patched and no customer action is needed.

nvd CVSS4.0 8.5

Vulnerability type

CWE-918 Server-Side Request Forgery (SSRF)

https://discuss.google.dev/t/november-23-2025/332118

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026