Privilege Escalation in Dialogflow CX via Playbook Import
CVE-2026-4764

9.4CRITICAL

Key Information:

Vendor: Google Cloud
Status: Dialogflow Cx
Vendor: CVE Published:; 11 June 2026

🔔 Create Google Cloud Vulnerability Alert

What is CVE-2026-4764?

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import.

This vulnerability was patched on 15 March 2026, and no customer action is needed.

Affected Version(s)

Dialogflow CX 0 < 2026-03-15

References

https://docs.cloud.google.com/dialogflow/docs/release-not...

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2026
Vulnerability Reserved
Mar 24, 2026

Credit

Sreeram KL

CVE-2026-4764 Data

JSON