Sensitive Data Disclosure in BigQuery via Materialized View Error Messages

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/U:Clear

Description

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error during the refresh process.

This vulnerability was patched on 29 January 2026, and no customer action is needed.

Basic Information

ID CVE-2026-3259

Source GoogleCloud

Published Apr 23, 2026 at 08:35

Affected Product

Vendor Google Cloud

Product BigQuery

Affected Versions Google Cloud BigQuery 0

CWE Classification

CWE-209

References

docs.cloud.google.com /bigquery/docs/release-notes/

{
    "lastseen": "",
    "description": "A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error during the refresh process.\n\nThis vulnerability was patched on 29 January 2026, and no customer action is needed.",
    "published": "2026-04-23T08:35:04.149Z",
    "modified": "2026-04-23T08:35:04.149Z",
    "type": "cve",
    "title": "Sensitive Data Disclosure in BigQuery via Materialized View Error Messages",
    "source": "GoogleCloud",
    "references": "https://docs.cloud.google.com/bigquery/docs/release-notes/#April_15_2026",
    "id": "CVE-2026-3259",
    "bulletinFamily": "",
    "cwe": [
        "CWE-209"
    ],
    "cvelist": null,
    "sourceData": "Google Cloud BigQuery 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/U:Clear",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BigQuery",
    "version": "0",
    "vendor": "Google Cloud",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Sensitive Data Disclosure in BigQuery via Materialized View Error Messages_CVE-2026-3259