Google AppSheet Core SSRF and Arbitrary File Read Vulnerability

Vulnerability

A vulnerability allowing server-side request forgery (SSRF) and arbitrary file reading has been identified in Google AppSheet Core, affecting versions prior to November 23, 2025. This vulnerability allows authenticated remote attackers to read sensitive local files and access internal network resources by sending crafted requests to the production cluster.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive local files and internal network resources.

Added: Feb 19, 2026, 6:25 PM

Updated: Feb 19, 2026, 6:25 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

3.1

threat

0.0

urgency

0.0

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

3.1

threat

0.0

urgency

0.0

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Google AppSheet Core SSRF and Arbitrary File Read Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating