Primary

Context

Google Cloud Application Integration Improper Access Control Vulnerability Allowing Information Disclosure and Arbitrary Code Execution

Vulnerability

A vulnerability has been identified in several internal API endpoints for Google Cloud Application Integration, prior to January 23, 2026. This vulnerability allows remote, unauthenticated attackers to disclose sensitive internal information and execute arbitrary code. The issue arises from improper access control on inadvertently exposed internal API endpoints, which can be exploited using specially crafted HTTP requests.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive internal information and the execution of arbitrary code on the server.

Remediation

This vulnerability has been addressed by restricting access to the exposed API endpoints. No action is required from users, as the necessary fixes have been automatically deployed to Gemini Enterprise.

Added: May 15, 2026, 4:20 PM

Updated: May 15, 2026, 4:20 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

8.4

threat

0.0

urgency

0.0

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

8.4

threat

0.0

urgency

0.0

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Google Cloud Application Integration Improper Access Control Vulnerability Allowing Information Disclosure and Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

Google Cloud Application Integration

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating