216.73.217.80

CVE-2026-2264

· Published 26/05/2026 17:16 · Modified 26/05/2026 20:26

Labels: CVE-2026-2264 2026-05-26CVE-2026-2264CWE-918f45cbf4e-4146-4068-b7e1-655ffc2c548c

Essential information

Published
26/05/2026 17:16
Modified
26/05/2026 20:26
Author
Creator
CVSS
9.2 CRITICAL (v3) 9.2 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
f45cbf4e-4146-4068-b7e1-655ffc2c548c
NVD
View on NVD

Affected products (CPE)

ProductCPE
google / cloud apigee cpe:2.3:a:google:cloud_apigee:*:*:*:*:*:*:*:*

References