Missing Authorization Issue in Dialogflow CX on Google Cloud Platform
CVE-2026-4764
9.4CRITICAL
What is CVE-2026-4764?
A missing authorization vulnerability in the playbook import functionality of Dialogflow CX on Google Cloud Platform enables authenticated users with specific roles to escalate their privileges. By utilizing a crafted playbook import, these users could potentially take full control over a GCP project. The issue was addressed on March 15, 2026, with a patch that does not require any action from customers.
Affected Version(s)
Dialogflow CX 0 < 2026-03-15
