Google Cloud — Vulnerabilities & Security Advisories (31)

Browse all 31 CVE security advisories affecting Google Cloud. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Google Cloud operates as a comprehensive suite of cloud computing services, providing infrastructure, platform, and software solutions for enterprise data storage, analytics, and application development. With thirty-one recorded Common Vulnerabilities and Exposures, the platform has historically been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from complex integration points or third-party dependencies. Security assessments indicate that while the underlying infrastructure maintains robust isolation mechanisms, application-layer vulnerabilities frequently arise from misconfigurations or unpatched components within managed services. Notable incidents have primarily involved data exposure risks due to incorrect access controls rather than systemic infrastructure breaches. The platform continues to implement rigorous patch management and automated security scanning to mitigate these risks, emphasizing the importance of proper configuration by end-users to maintain the integrity of deployed workloads within the broader Google ecosystem.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3259 | Sensitive Data Disclosure in BigQuery via Materialized View Error Messages — BigQuery, CWE-209 | 4.3 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2026-4810 | Remote Code Execution in Google Agent Development Kit (ADK) — Agent Development Kit (ADK), CWE-306 | 9.8 | - | 2026-04-13 |
| CVE-2026-3136 | Google Cloud Build Comment Control Bypass — Cloud Build, CWE-863 | 9.8 (AI) | Critical (AI) | 2026-03-03 |
| CVE-2026-2244 | Sensitive Data Exposure in Google Cloud Vertex AI Workbench — Vertex AI Workbench, CWE-200 | 7.5 (AI) | High (AI) | 2026-02-26 |
| CVE-2026-2473 | Bucket Squatting in Vertex AI Experiments leads to RCE and Model Theft. — Vertex AI Experiments, CWE-340 | 9.8 (AI) | Critical (AI) | 2026-02-20 |
| CVE-2026-2472 | Stored Cross-Site Scripting (XSS) in Vertex AI Python SDK Visualization — Vertex AI SDK for Python, CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2026-1727 | Information Disclosure via Bucket Squatting in Google Cloud Agentspace. — Gemini Enterprise (formerly Agentspace), CWE-200 | 7.5 (AI) | High (AI) | 2026-02-06 |
| CVE-2025-13427 | Authentication Bypass in Dialogflow CX Messenger — Dialogflow CX Messenger, CWE-287 | 9.1 (AI) | Critical (AI) | 2025-12-18 |
| CVE-2025-12952 | Privilege Escalation in Dialogflow CX via Webhook Admin Role — Dialogflow CX, CWE-269 | 8.8 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-9571 | Arbitrary Code Execution in Google Cloud Data Fusion via Malicious Artifact Upload — Cloud Data Fusion, CWE-502 | 8.8 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-13428 | RCE in SecOps SOAR server via user-provided Python packages — Google Cloud SecOps SOAR, CWE-20 | 8.8 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-13292 | Improper access control in Google Cloud Apigee-X allows cross-tenant Analytics modification and log data access. — Apigee-X, CWE-269 | 9.1 | - | 2025-12-06 |
| CVE-2025-13426 | Improper Sandboxing in Google Apigee's JavaCallout Policy Allows for Remote Code Execution — Apigee hybrid Javacallout policy, CWE-913 | 8.8 | - | 2025-12-05 |
| CVE-2025-12742 | Remote Code Execution in Looker via Teradata JDBC Driver — Looker, CWE-78 | 8.8 (AI) | High (AI) | 2025-11-25 |
| CVE-2025-12741 | Arbitrary File Write in Denodo dialect of Looker allows Remote Code Execution — Looker, CWE-20 | 8.8 (AI) | High (AI) | 2025-11-24 |
| CVE-2025-12740 | Remote Command Execution in Looker via IBM DB2 JDBC drive — Looker, CWE-20 | 8.8 (AI) | High (AI) | 2025-11-24 |
| CVE-2025-12739 | Cross-Site Scripting (XSS) in Looker's Extension Loader leading to Admin Account Compromise — Looker, CWE-79 | 7.6 (AI) | High (AI) | 2025-11-24 |
| CVE-2025-12414 | Looker account compromise via punycode homograph attack — Looker, CWE-290 | 7.4 | - | 2025-11-20 |
| CVE-2025-12743 | SQL Injection in Looker Project Generation Endpoint Allows Access to Internal MySQL Database — Looker, CWE-89 | 6.5 (AI) | Medium (AI) | 2025-11-19 |
| CVE-2025-12472 | Remote Code Execution in Looker due to Improperly Validated Directory Deletion — Looker, CWE-362 | 7.5 (AI) | High (AI) | 2025-11-19 |
| CVE-2025-12405 | Unauthorized access through stored credentials in Looker Studio — Looker Studio, CWE-269 | 8.8 | - | 2025-11-10 |
| CVE-2025-12409 | SQL Injection in Looker Studio — Looker Studio, CWE-89 | 8.1 | - | 2025-11-10 |
| CVE-2025-12397 | SQL Injection in Looker Studio — Looker Studio, CWE-89 | 8.8 | - | 2025-11-10 |
| CVE-2025-12155 | Command Injection in Looker — Looker, CWE-77 | 8.8 | - | 2025-11-10 |
| CVE-2025-11915 | HTTP Desynchronisation in Vertex AI for certain third-party models — Vertex AI: Partner Models for MaaS, CWE-444 | 9.8 (AI) | Critical (AI) | 2025-10-22 |
| CVE-2025-9918 | Zip Slip in Google SecOps SOAR allows for Remote Code Execution — Google SecOps SOAR, CWE-22 | 8.8 (AI) | High (AI) | 2025-09-11 |
| CVE-2025-9118 | Dataform Path Traversal — Dataform, CWE-22 | 9.1 (AI) | Critical (AI) | 2025-08-25 |
| CVE-2025-4600 | HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation — Classic Application Load Balancer, CWE-444 | 7.5 (AI) | High (AI) | 2025-05-16 |
| CVE-2025-0982 | Sandbox Escape in Google Cloud Application Integration's JavaScript Task (Rhino Engine) — Application Integration, CWE-829 | 10.0 | - | 2025-02-06 |
| CVE-2024-9858 | Insecure user permissions in Google Cloud Migrate to Containers for Windows — Migrate to Containers, CWE-276 | 6.7 | - | 2024-10-16 |

This page lists every published CVE security advisory associated with Google Cloud. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.