CVE-2026-2274

UNKNOWN 0.0

Arbitrary File Read and SSRF in Google AppSheet

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster. This vulnerability was patched and no customer action is needed.

CWE	CWE-918
Vendor	appsheet
Product	appsheet web (main server)
Published	Feb 19, 2026
Last Updated	Feb 19, 2026

Stay Ahead of the Next One

Get instant alerts for appsheet appsheet web (main server)

Be the first to know when new unknown vulnerabilities affecting appsheet appsheet web (main server) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

AppSheet / AppSheet Web (Main Server)

0 < 2025-11-23

References

NVD ↗ CVE.org ↗ EPSS Data ↗

discuss.google.dev: https://discuss.google.dev/t/november-23-2025/332118

Credits

🔍 Tomas Lažauninkas