Missing Authorization Issue in Dialogflow CX on Google Cloud Platform
CVE-2026-4764

9.4CRITICAL

Key Information:

Vendor
CVE Published:
11 June 2026

What is CVE-2026-4764?

A missing authorization vulnerability in the playbook import functionality of Dialogflow CX on Google Cloud Platform enables authenticated users with specific roles to escalate their privileges. By utilizing a crafted playbook import, these users could potentially take full control over a GCP project. The issue was addressed on March 15, 2026, with a patch that does not require any action from customers.

Affected Version(s)

Dialogflow CX 0 < 2026-03-15

References

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sreeram KL
.