PatchSiren cyber security CVE debrief
CVE-2026-14934 Google Cloud CVE debrief
CVE-2026-14934 is a Missing Authorization vulnerability in Google Cloud BigQuery, Dataform, and Colab Enterprise. The vulnerability allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover. The issue existed in versions between October 2025 and May 10th, 2026. A patch was applied on May 10, 2026, and no customer action is required. This vulnerability has a CVSS score of 9.4 and is considered CRITICAL.
- Vendor
- Google Cloud
- Product
- BigQuery
- CVSS
- CRITICAL 9.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Google Cloud BigQuery, Dataform, and Colab Enterprise should be aware of this vulnerability. Although no customer action is needed, understanding the potential impact is crucial for maintaining security posture. Security teams and administrators responsible for these services should review the vulnerability details and ensure that their instances are patched.
Technical summary
The vulnerability, CVE-2026-14934, is a Missing Authorization issue in the repository creation functionality of Google Cloud BigQuery, Dataform, and Colab Enterprise. It allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover. The vulnerability existed in versions between October 2025 and May 10th, 2026. The issue has been patched, and no customer action is required. The CVSS score for this vulnerability is 9.4, indicating a high severity.
Defensive priority
High
Recommended defensive actions
- Review and verify the patch status of Google Cloud BigQuery, Dataform, and Colab Enterprise
- Ensure that all instances are running with the latest updates
- Monitor for any suspicious activity related to repository creation and privilege escalation
- Perform a thorough review of repository creation and privilege escalation events
- Verify the integrity of repository creation and access controls
- Check for any unusual patterns in repository access or modifications
- Confirm that all necessary logs and monitoring are in place for affected systems
Evidence notes
The CVE record was published on 2026-07-13T11:16:26.470Z and has not been modified since then. The NVD entry is currently 9.4 CRITICAL. The vulnerability affects Google Cloud BigQuery, Dataform, and Colab Enterprise, with a patch applied on May 10, 2026. Evidence is limited to public sources and CVE details.
Official resources
-
CVE-2026-14934 CVE record
CVE.org
-
CVE-2026-14934 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
f45cbf4e-4146-4068-b7e1-655ffc2c548c
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T11:16:26.470Z and has not been modified since then.