Description
An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data.


This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is needed.
Published: 2026-07-09
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Description An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is needed.
Title Cross-Tenant Data Exfiltration in Apigee via BigQuery Confused Deputy
Weaknesses CWE-441
CWE-610
References
Metrics cvssV4_0

{'score': 5.9, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/U:Clear'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GoogleCloud

Published:

Updated: 2026-07-09T13:42:48.913Z

Reserved: 2026-06-22T09:35:44.962Z

Link: CVE-2026-12879

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-441

    Unintended Proxy or Intermediary ('Confused Deputy')

  • CWE-610

    Externally Controlled Reference to a Resource in Another Sphere