CVE-2026-14934
Cross-Tenant Repository Takeover via Improper Access Control in BigQuery, Dataform and Colab Enterprise
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab Enterprise, in the versions between October 2025 and May 10th, 2026, on Google Cloud Platform, allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover. This vulnerability was patched on 10 May 2026, and no customer action is needed.
| CWE | CWE-862 |
| Vendor | google cloud |
| Product | bigquery |
| Published | Jul 13, 2026 |
| Last Updated | Jul 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for google cloud bigquery
Be the first to know when new unknown vulnerabilities affecting google cloud bigquery are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Google Cloud / BigQuery
2025-10 < 2026-05-10
Google Cloud / Dataform
2025-10 < 2026-05-10
Google Cloud / Colab Enterprise
2025-10 < 2026-05-10
References
Credits
๐ Omer Amiad