CVE-2026-3136

UNKNOWN 0.0

Google Cloud Build Comment Control Bypass

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed.

CWE	CWE-863
Vendor	google cloud
Product	cloud build
Published	Mar 3, 2026
Last Updated	Mar 4, 2026

Stay Ahead of the Next One

Get instant alerts for google cloud cloud build

Be the first to know when new unknown vulnerabilities affecting google cloud cloud build are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Google Cloud / Cloud Build

0 < 1/26/2026

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.cloud.google.com: https://docs.cloud.google.com/build/docs/release-notes#March_03_2026

Credits

🔍 inspector-ambitious