Critical severityNVD Advisory· Published May 15, 2026· Updated May 18, 2026
CVE-2026-2031
CVE-2026-2031
Description
An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose sensitive internal information and execute arbitrary code using specially crafted HTTP requests to inadvertently exposed internal API endpoints.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <2026-01-23
Patches
Vulnerability mechanics
References
1News mentions
1- Researcher Earns $148,337 for Google Cloud Production RCE VulnerabilityCyber Security News · Jun 23, 2026