CVE-2026-12537 is a critical vulnerability with a CVSS score of 10, affecting Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22. The vulnerability is caused by improper neutralization of special elements used in an OS command in the container launcher, allowing an unprivileged attacker to achieve pre-sandbox host-level code execution via a maliciously crafted .gemini/.env fi [truncated]
CVE-2026-4764 is a Critical Missing Authorization vulnerability in Dialogflow CX on Google Cloud Platform. An authenticated user with specific roles can exploit this vulnerability to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. The vulnerability was patched on March 15, 2026, and no customer action is required.
A critical vulnerability in Google Cloud Apigee's SetIntegrationRequest policy enables Server-Side Request Forgery (SSRF) with service account token exfiltration. The flaw requires an administrator to first configure an API proxy insecurely, creating an attack path for remote adversaries to leverage the misconfigured policy for unauthorized internal requests and credential theft. The CVSS 4.0 vector indic [truncated]
CVE-2026-2031 is a critical improper access control vulnerability described as affecting several internal API endpoints in Google Cloud Application Integration prior to 2026-01-23. The CVE description states that a remote, unauthenticated attacker could use specially crafted HTTP requests against inadvertently exposed internal API endpoints to disclose sensitive internal information and execute arbitrary [truncated]
CVE-2026-2472 is a Stored Cross-Site Scripting (XSS) vulnerability in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0. This vulnerability allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment by injecting script escape sequences into model [truncated]