๐Ÿ” CVE Alert

CVE-2026-12715

UNKNOWN 0.0

Missing Authorization in Firebase Studio allows Cross-Tenant Source Code Theft

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no customer action is needed.

CWE CWE-862
Vendor google cloud
Product firebase studio
Published Jul 17, 2026
Last Updated Jul 17, 2026
Stay Ahead of the Next One

Get instant alerts for google cloud firebase studio

Be the first to know when new unknown vulnerabilities affecting google cloud firebase studio are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Google Cloud / Firebase Studio
0 < 2026-04-15

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
docs.cloud.google.com: https://docs.cloud.google.com/support/bulletins#gcp-2026-043

Credits

๐Ÿ” A Security Researcher