๐Ÿ” CVE Alert

CVE-2026-14934

UNKNOWN 0.0

Cross-Tenant Repository Takeover via Improper Access Control in BigQuery, Dataform and Colab Enterprise

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

A Missing Authorization vulnerability in the repository creation functionality in Google Cloud BigQuery, Dataform and Colab Enterprise, in the versions between October 2025 and May 10th, 2026, on Google Cloud Platform, allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover. This vulnerability was patched on 10 May 2026, and no customer action is needed.

CWE CWE-862
Vendor google cloud
Product bigquery
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for google cloud bigquery

Be the first to know when new unknown vulnerabilities affecting google cloud bigquery are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Google Cloud / BigQuery
2025-10 < 2026-05-10
Google Cloud / Dataform
2025-10 < 2026-05-10
Google Cloud / Colab Enterprise
2025-10 < 2026-05-10

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
docs.cloud.google.com: https://docs.cloud.google.com/support/bulletins#gcp-2026-047

Credits

๐Ÿ” Omer Amiad