CVE-2026-3259

UNKNOWN 0.0

Sensitive Data Disclosure in BigQuery via Materialized View Error Messages

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error during the refresh process. This vulnerability was patched on 29 January 2026, and no customer action is needed.

CWE	CWE-209
Vendor	google cloud
Product	bigquery
Published	Apr 23, 2026

Stay Ahead of the Next One

Get instant alerts for google cloud bigquery

Be the first to know when new unknown vulnerabilities affecting google cloud bigquery are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Google Cloud / BigQuery

0 < 01/29/2026

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.cloud.google.com: https://docs.cloud.google.com/bigquery/docs/release-notes/#April_15_2026

Credits

🔍 Gonzalo López Zuloaga