216.73.216.133

CVE-2026-3136

· Published 03/03/2026 17:16 · Modified 03/03/2026 21:52

Labels: CVE-2026-3136 2026-03-03CVE-2026-3136CWE-863f45cbf4e-4146-4068-b7e1-655ffc2c548c

Essential information

Published
03/03/2026 17:16
Modified
03/03/2026 21:52
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
f45cbf4e-4146-4068-b7e1-655ffc2c548c
NVD
View on NVD

Affected products (CPE)

ProductCPE
google / cloud build cpe:2.3:a:google:cloud_build:<2026-01-26:*:*:*:*:*:*:*

References