CVE-2026-8934

UNKNOWN 0.0

Cross-Project Information Leakage in Google App Engine UI

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched on 7 April 2026, and no customer action is needed.

CWE	CWE-862
Vendor	google cloud
Product	cloud console uis
Published	Jun 22, 2026
Last Updated	Jun 22, 2026

Stay Ahead of the Next One

Get instant alerts for google cloud cloud console uis

Be the first to know when new unknown vulnerabilities affecting google cloud cloud console uis are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Google Cloud / Cloud Console UIs

0 < 2026-04-07

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.cloud.google.com: https://docs.cloud.google.com/support/bulletins#gcp-2026-038

Credits

🔍 Michael Dalton 🔍 Arvin Shivram