PatchSiren cyber security CVE debrief
CVE-2026-4764 Google Cloud CVE debrief
CVE-2026-4764 is a Critical Missing Authorization vulnerability in Dialogflow CX on Google Cloud Platform. An authenticated user with specific roles can exploit this vulnerability to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. The vulnerability was patched on March 15, 2026, and no customer action is required.
- Vendor: Google Cloud
- Product: Dialogflow CX
- CVSS: CRITICAL 9.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of Dialogflow CX on Google Cloud Platform, especially those with specific roles that could be exploited for privilege escalation.
Technical summary
The vulnerability has a CVSS score of 9.4 and is classified as CRITICAL. It allows an attacker to escalate privileges and potentially take over a GCP project. The vulnerability was patched on March 15, 2026.
Defensive priority
High
Recommended defensive actions
- Review the patch notes for Dialogflow CX on Google Cloud Platform to ensure the patch has been applied.
- Monitor user activity and privilege escalation attempts in your GCP projects.
- Restrict roles and permissions for users who could potentially exploit this vulnerability.
Evidence notes
The vendor is listed as Unknown Vendor, but evidence suggests the vulnerability is related to Google.
Official resources
- CVE-2026-4764 CVE record (CVE.org)
- CVE-2026-4764 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: f45cbf4e-4146-4068-b7e1-655ffc2c548c
CVE-2026-4764 was published on June 11, 2026, and last modified on June 11, 2026.