CVE-2026-2264

Published: Mag 26, 2026 Last Modified: Mag 26, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,2

Source: f45cbf4e-4146-4068-b7e1-655ffc2c548c

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens.

For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.

918

Server-Side Request Forgery (SSRF)

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control

Potential Impacts:

Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism

Applicable Platforms

Technologies: Web Based, AI/ML, Web Server

View CWE Details

https://docs.cloud.google.com/apigee/docs/security-bulletin…

https://docs.cloud.google.com/apigee/docs/security-bulletins/security-bulletins…

CVE-2026-2264

Description

Server-Side Request Forgery (SSRF)

Common Consequences

Applicable Platforms

Iscriviti alla newsletter