CVE Catalog

CVE-2026-2264

Critical
Published: Translated: NVD NIST

Summary

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allows remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens.

Risk Assessment

This threat could lead to unauthorized access to cloud resources and data, posing a serious risk to the organization's security.

Recommendation

It is recommended that administrators ensure that the API proxy configuration is secure and does not allow for the exploitation of this vulnerability.

Original NVD description (English source)

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS