Improper Access Control in Google Cloud Application Integration
CVE-2026-2031

10CRITICAL

Key Information:

Vendor: Google Cloud
Status: Internal Integration Platform Apis
Vendor: CVE Published:; 15 May 2026

🔔 Create Google Cloud Vulnerability Alert

What is CVE-2026-2031?

A significant vulnerability exists within Google Cloud Application Integration involving improper access control measures across several internal API endpoints. This flaw permits remote, unauthenticated attackers to gain access to sensitive internal information and potentially execute arbitrary code. By sending specially crafted HTTP requests to inadvertently exposed internal API endpoints, attackers can exploit this weakness to compromise system integrity. Organizations using affected versions should prioritize remediation to safeguard their environments.

Affected Version(s)

Internal Integration Platform APIs 0 < 2026-01-23

References

https://docs.cloud.google.com/gemini/enterprise/docs/rele...

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
Feb 5, 2026

Credit

Arvin Shivram

CVE-2026-2031 Data

JSON