Google Cloud Build GitHub Trigger Comment Control Improper Authorization Vulnerability Allowing Arbitrary Code Execution

Vulnerability

An improper authorization vulnerability has been identified in the GitHub Trigger Comment Control feature of Google Cloud Build, affecting versions prior to January 26, 2026. It enables remote attackers to execute arbitrary code within the build environment.

Impact

Exploitation of this vulnerability allows for arbitrary code execution in the build environment.

Added: Mar 3, 2026, 5:18 PM
Updated: Mar 3, 2026, 10:33 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 3.4
threat: 0.0
urgency: 0.0
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.