PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-14934 Google Cloud CVE debrief

CVE-2026-14934 is a Missing Authorization vulnerability in Google Cloud BigQuery, Dataform, and Colab Enterprise. The vulnerability allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover. The issue existed in versions between October 2025 and May 10th, 2026. A patch was applied on May 10, 2026, and no customer action is required. This vulnerability has a CVSS score of 9.4 and is considered CRITICAL.

Vendor
Google Cloud
Product
BigQuery
CVSS
CRITICAL 9.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of Google Cloud BigQuery, Dataform, and Colab Enterprise should be aware of this vulnerability. Although no customer action is needed, understanding the potential impact is crucial for maintaining security posture. Security teams and administrators responsible for these services should review the vulnerability details and ensure that their instances are patched.

Technical summary

The vulnerability, CVE-2026-14934, is a Missing Authorization issue in the repository creation functionality of Google Cloud BigQuery, Dataform, and Colab Enterprise. It allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover. The vulnerability existed in versions between October 2025 and May 10th, 2026. The issue has been patched, and no customer action is required. The CVSS score for this vulnerability is 9.4, indicating a high severity.

Defensive priority

High

Recommended defensive actions

  • Review and verify the patch status of Google Cloud BigQuery, Dataform, and Colab Enterprise
  • Ensure that all instances are running with the latest updates
  • Monitor for any suspicious activity related to repository creation and privilege escalation
  • Perform a thorough review of repository creation and privilege escalation events
  • Verify the integrity of repository creation and access controls
  • Check for any unusual patterns in repository access or modifications
  • Confirm that all necessary logs and monitoring are in place for affected systems

Evidence notes

The CVE record was published on 2026-07-13T11:16:26.470Z and has not been modified since then. The NVD entry is currently 9.4 CRITICAL. The vulnerability affects Google Cloud BigQuery, Dataform, and Colab Enterprise, with a patch applied on May 10, 2026. Evidence is limited to public sources and CVE details.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T11:16:26.470Z and has not been modified since then.