Sensitive Data Exposure Vulnerability in Google BigQuery by Google
CVE-2026-3259

7.1HIGH

Key Information:

Vendor: Google Cloud
Status: Bigquery
Vendor: CVE Published:; 23 April 2026

🔔 Create Google Cloud Vulnerability Alert

What is CVE-2026-3259?

A vulnerability exists in the Materialized View Refresh mechanism of Google BigQuery on Google Cloud Platform, which allows an authenticated user to potentially expose sensitive information. This occurs when a specially crafted materialized view triggers a runtime error during the refresh process, leading to the potential disclosure of confidential data. Google addressed this issue with a patch released on January 29, 2026, and no customer action is required to mitigate the risk.

Affected Version(s)

BigQuery 0 < 01/29/2026

References

https://docs.cloud.google.com/bigquery/docs/release-notes...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2026
Vulnerability Reserved
Feb 26, 2026

Credit

Gonzalo López Zuloaga

CVE-2026-3259 Data

JSON