Missing Authorization Vulnerability in Google App Engine Cloud Console
CVE-2026-8934

6.9MEDIUM

Key Information:

Vendor: Google Cloud
Status: Cloud Console Uis
Vendor: CVE Published:; 22 June 2026

🔔 Create Google Cloud Vulnerability Alert

What is CVE-2026-8934?

A vulnerability exists in the Google App Engine's private GraphQL API which allows an unauthenticated remote attacker to access sensitive request logs from various projects. This exploitation is achieved through specially crafted requests, enabling disclosure of confidential data without proper authorization checks. A patch has been released on 7 April 2026, ensuring users are protected from this issue without requiring any action from them.

Affected Version(s)

Cloud Console UIs 0 < 2026-04-07

References

https://docs.cloud.google.com/support/bulletins#gcp-2026-038

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
May 19, 2026

Credit

Michael Dalton

Arvin Shivram

CVE-2026-8934 Data

JSON