CVE-2026-2264
CriticalSummary
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allows remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens.
Risk Assessment
This threat could lead to unauthorized access to cloud resources and data, posing a serious risk to the organization's security.
Recommendation
It is recommended that administrators ensure that the API proxy configuration is secure and does not allow for the exploitation of this vulnerability.
Original NVD description (English source)
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.

