CVE-2026-2264

UNKNOWN 0.0

Server-Side Request Forgery and Credential Exfiltration in Google Cloud Apigee via SetIntegrationRequest Policy.

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.

CWE	CWE-918
Vendor	google cloud
Product	apigee-x
Published	May 26, 2026
Last Updated	May 26, 2026

Stay Ahead of the Next One

Get instant alerts for google cloud apigee-x

Be the first to know when new unknown vulnerabilities affecting google cloud apigee-x are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Google Cloud / Apigee-X

0 < 1.14.4 0 < 1.15.2 0 < 1.16.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.cloud.google.com: https://docs.cloud.google.com/apigee/docs/security-bulletins/security-bulletins#gcp-2026-034

Credits

🔍 Nikita Markevich