CVE 10 CRITICAL

Google Cloud Application Integration: Exposed internal APIs allow Information Disclosure and Remote Code Execution._CVE-2026-2031

May 15, 2026 invoker category_cve

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Clear

Description

An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to inadvertently exposed internal API endpoints.

AI Analysis

Improper Access Control vulnerability allowing information disclosure and remote code execution in internal API endpoints

Basic Information

ID CVE-2026-2031

Source GoogleCloud

Published May 15, 2026 at 15:38

Modified May 15, 2026 at 16:11

Affected Product

Vendor Google Cloud

Product Internal Integration Platform APIs

Affected Versions Google Cloud Internal Integration Platform APIs 0

CWE Classification

CWE-862

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Google Cloud

Product Internal Integration Platform APIs

References

docs.cloud.google.com /gemini/enterprise/docs/release-notes

{
    "lastseen": "",
    "description": "An Improper Access Control\u00a0vulnerability in\u00a0several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows\u00a0a remote, unauthenticated attacker\u00a0to\u00a0disclose sensitive internal information and execute arbitrary code\u00a0using\u00a0specially crafted HTTP requests to inadvertently exposed internal API endpoints.",
    "published": "2026-05-15T15:38:24.607Z",
    "modified": "2026-05-15T16:11:44.918Z",
    "type": "cve",
    "title": "Google Cloud Application Integration: Exposed internal APIs allow Information Disclosure and Remote Code Execution.",
    "source": "GoogleCloud",
    "references": "https://docs.cloud.google.com/gemini/enterprise/docs/release-notes#May_07_2026",
    "id": "CVE-2026-2031",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "Google Cloud Internal Integration Platform APIs 0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Clear",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Internal Integration Platform APIs",
    "version": "0",
    "vendor": "Google Cloud",
    "ai_description": "Improper Access Control vulnerability allowing information disclosure and remote code execution in internal API endpoints",
    "ai_severity": "Critical",
    "ai_vendor": "Google Cloud",
    "ai_product": "Internal Integration Platform APIs",
    "ai_version": "0",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply