CVE-2026-2031
published 2026-05-15CVE-2026-2031: An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote…
PriorityP268critical10CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCHSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUClear
EPSS
0.51%
39.8th percentile
An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to inadvertently exposed internal API endpoints.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| google_cloud | internal_integration_platform_apis | < 2026-01-23 | 2026-01-23 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5m89-9vmq-75r8: An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remot
ghsa_unreviewed·2026-05-15
CVE-2026-2031 [CRITICAL] CWE-862 GHSA-5m89-9vmq-75r8: An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remot
An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to inadvertently exposed internal API endpoints.
VulDB
Google Cloud Internal Integration Platform API prior 2026-01-23 API Endpoint authorization
vuldb·2026-05-15·CVSS 10.0
CVE-2026-2031 [CRITICAL] Google Cloud Internal Integration Platform API prior 2026-01-23 API Endpoint authorization
A vulnerability was found in Google Cloud Internal Integration Platform API. It has been classified as critical. Affected is an unknown function of the component API Endpoint. The manipulation leads to missing authorization.
This vulnerability is uniquely identified as CVE-2026-2031. The attack is possible to be carried out remotely. No exploit exists.
Upgrading the affected component is recommended.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-15
Published