CVE Catalog

CVE-2026-8934

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile — higher than 28% of all known CVEs

Summary

CVE-2026-8934 is a Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console, allowing an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request.

Risk Assessment

This vulnerability may lead to the exposure of sensitive information, posing a risk to the privacy and security of the organization's data.

Recommendation

The vulnerability was patched on April 7, 2026, and no customer action is needed.

Original NVD description (English source)

A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched on 7 April 2026, and no customer action is needed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS