Missing Authorization in Google Cloud BigQuery and Colab Enterprise
CVE-2026-14934
9.4CRITICAL
What is CVE-2026-14934?
A vulnerability in the repository creation feature across Google Cloud BigQuery, Dataform, and Colab Enterprise allows authenticated attackers to escalate their privileges. By exploiting this flaw, attackers can take over repositories across different tenants, potentially compromising sensitive data. This issue was resolved on May 10, 2026, with no customer intervention required.
Affected Version(s)
BigQuery 2025-10 < 2026-05-10
Colab Enterprise 2025-10 < 2026-05-10
Dataform 2025-10 < 2026-05-10
