VYPR
Research · Published Jun 23, 2026 · 1 source

Researcher Earns $148,337 for Google Cloud Production RCE Vulnerability

Arvin Shivram earned $148,337 from Google for uncovering CVE-2026-2031, a critical access control flaw in Google Cloud Application Integration that enabled remote code execution in production.

Security researcher Arvin Shivram has been awarded $148,337 by Google for discovering and exploiting a chain of vulnerabilities in Google Cloud's Application Integration service that ultimately allowed remote code execution (RCE) in Google's production environment. The core flaw, now tracked as CVE-2026-2031, carries the maximum CVSS score of 10.0 and represents one of the most severe cloud-native bugs disclosed this year.

The attack chain, detailed by Shivram on BruteCat's blog under the title "StubZero," began with automated fuzzing that flagged an internal API endpoint, cloudcrmipfrontend-pa.googleapis.com, for returning HTTP 200 responses on suspicious debugging paths. Further probing revealed an endpoint, v1/integrationPlatform/getProtoDefinition, that leaked protobuf descriptors for arbitrary internal services—including YouTube and Google's internal CRM stack. Because Google's internal services are heavily protobuf-driven, this "req2proto as a service" leak gave the attacker a near-complete map of internal API schemas, making black-box research far easier.

The same API surface also exposed a listQuotaQueue endpoint. When queried with the right parameters and the X-Goog-Encode-Response-If-Executable: base64 header, it leaked an internal workflow execution queue along with a critical clientId value. Armed with that client ID, the researcher could create draft workflows via createDraftWorkflow in the internal Application Integration backend and began exploring tasks visible in the discovery document.

The turning point came with an internal task type called GenericStubbyTypedTaskV2, a generic wrapper around Google's Stubby RPC framework inside Application Integration workflows. By configuring this task type with parameters such as serverSpec, serviceName, and serviceMethod, the attacker could trigger arbitrary Stubby RPC calls from Google's production environment, using the privileged service identity of the integration platform. Google's Cloud Vulnerability Reward Program documentation classifies Stubby-level access as RCE in the production environment because it provides broad access to internal services and data.

Initially, workflow publishing was blocked by a two-person approval requirement that prevented a single account from both editing and publishing a workflow. Shivram bypassed this by abusing an internal ACL endpoint, integrationPlatform/auth/setAcl, to add two attacker-controlled Google accounts to the workflow ACL, using one as the requester and the other as the approver. Later, working with another researcher, Shivram found that Google's initial mitigations were only partially deployed across the backend instances behind a load balancer. By repeatedly sending createDraftWorkflow requests until one reached a still-vulnerable backend, they preserved the RCE path just before the fix fully propagated.
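The two-person rule described above compared only account identities, so two accounts placed on the ACL by one actor satisfied it. The following added example (not from Shivram's write-up or from Google's code) shows an approval check that also considers who granted each role; the `AclGrant` record shape, the role names, the reason strings and all account names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AclGrant:
    principal: str   # account that received the role
    granted_by: str  # account that made the ACL change
    role: str        # "editor" or "approver" (assumed role names)

def approval_violations(grants, owners, requester, approver):
    """Return the reasons a publish approval fails separation of duties.

    grants: ACL change history for one workflow, oldest first.
    owners: accounts provisioned outside the workflow's own ACL API.
    """
    latest = {g.principal: g for g in grants}  # newest grant per account wins
    req, app = latest.get(requester), latest.get(approver)
    distinct = requester != approver
    reasons = []
    if not distinct:
        reasons.append("same-account")
    if approver not in owners:
        if app is None or app.role != "approver":
            reasons.append("approver-not-authorized")
        elif app.granted_by not in owners:
            reasons.append("approver-granted-by-non-owner")
    # Two distinct accounts added by one non-owner act as a single party.
    if (distinct and req and app and req.granted_by == app.granted_by
            and app.granted_by not in owners):
        reasons.append("shared-grantor")
    # A requester must not be able to appoint their own approver.
    if distinct and app and app.granted_by == requester:
        reasons.append("approver-appointed-by-requester")
    return reasons

# Constructed sample data (not real accounts or real audit records).
OWNERS = {"owner@example.com"}
BYPASS = [AclGrant("acct-a@example.com", "outsider@example.com", "editor"),
          AclGrant("acct-b@example.com", "outsider@example.com", "approver")]
LEGIT = [AclGrant("dev@example.com", "owner@example.com", "editor"),
         AclGrant("lead@example.com", "owner@example.com", "approver")]

if __name__ == "__main__":
    print(approval_violations(BYPASS, OWNERS,
                              "acct-a@example.com", "acct-b@example.com"))
    print(approval_violations(LEGIT, OWNERS,
                              "dev@example.com", "lead@example.com"))
```

The same provenance test can run as an audit query over historical approvals, flagging any publish whose approver role did not originate with an owner.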

Three months later, the same researcher identified a second RCE chain in the public Application Integration APIs involving insecure direct object references (IDOR) and the "test cases" feature. A global test case listing RPC, combined with a binary-search filter technique, allowed reconstruction of victim integration UUIDs and cross-tenant access to full workflow definitions, including those operated by internal Google teams. Google awarded $60,000 for the first chain, $75,000 for the second, and an additional $13,337 for a lingering single-service privilege escalation, for a combined payout of $148,337. Google has since addressed the issue by restricting internal endpoint access, fixing IDOR weaknesses, and strengthening RPC security controls.

Synthesized by Vypr AI