CVE 9.4 CRITICAL

Privilege Escalation in Dialogflow CX via Playbook Import_CVE-2026-4764

June 11, 2026 invoker category_cve

9.4 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Clear

Description

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import.

This vulnerability was patched on 15 March 2026, and no customer action is needed.

AI Analysis

Privilege escalation vulnerability in Dialogflow CX via playbook import

Basic Information

ID CVE-2026-4764

Source GoogleCloud

Published Jun 11, 2026 at 10:13

Modified Jun 11, 2026 at 12:41

Affected Product

Vendor Google Cloud

Product Dialogflow CX

Affected Versions Google Cloud Dialogflow CX 0

CWE Classification

CWE-862

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor Google Cloud

Product Dialogflow CX

References

docs.cloud.google.com /dialogflow/docs/release-notes

{
    "lastseen": "",
    "description": "A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import.\n\n\nThis vulnerability was patched on 15 March 2026, and no customer action is needed.",
    "published": "2026-06-11T10:13:40.082Z",
    "modified": "2026-06-11T12:41:05.278Z",
    "type": "cve",
    "title": "Privilege Escalation in Dialogflow CX via Playbook Import",
    "source": "GoogleCloud",
    "references": "https://docs.cloud.google.com/dialogflow/docs/release-notes#May_07_2026",
    "id": "CVE-2026-4764",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "Google Cloud Dialogflow CX 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Clear",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Dialogflow CX",
    "version": "0",
    "vendor": "Google Cloud",
    "ai_description": "Privilege escalation vulnerability in Dialogflow CX via playbook import",
    "ai_severity": "Critical",
    "ai_vendor": "Google Cloud",
    "ai_product": "Dialogflow CX",
    "ai_version": "0",
    "ai_score": 9.4
}

💭 Join the Security Discussion ❌ Cancel Reply