Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-2031: Google Cloud Application Integration exposes sensitive data

CVE-2026-2031

Summary

Some Google Cloud Application Integration internal API endpoints allowed unauthorized access to sensitive information. This could be exploited by attackers to steal sensitive data or take control of the system. Google has since fixed this issue, but users should update their systems to ensure they have the latest security patches.

Original title

Original description

An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to inadvertently exposed internal API endpoints.

nvd CVSS4.0 10.0

Vulnerability type

CWE-862 Missing Authorization

https://docs.cloud.google.com/gemini/enterprise/docs/release-notes#May_07_2026

Published: 15 May 2026 · Updated: 31 May 2026 · First seen: 15 May 2026