Missing Authorization in Google Cloud BigQuery and Colab Enterprise
CVE-2026-14934

9.4CRITICAL

Key Information:

Vendor
CVE Published:
13 July 2026

What is CVE-2026-14934?

A vulnerability in the repository creation feature across Google Cloud BigQuery, Dataform, and Colab Enterprise allows authenticated attackers to escalate their privileges. By exploiting this flaw, attackers can take over repositories across different tenants, potentially compromising sensitive data. This issue was resolved on May 10, 2026, with no customer intervention required.

Affected Version(s)

BigQuery 2025-10 < 2026-05-10

Colab Enterprise 2025-10 < 2026-05-10

Dataform 2025-10 < 2026-05-10

References

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Omer Amiad
.