216.73.217.80

CVE-2026-4764

· Published 11/06/2026 14:16 · Modified 11/06/2026 15:22 · Author: The MITRE Corporation

Labels: CVE-2026-4764 2026-06-11CVE-2026-4764CWE-862f45cbf4e-4146-4068-b7e1-655ffc2c548c

Essential information

Published
11/06/2026 14:16
Modified
11/06/2026 15:22
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
9.4 CRITICAL (v3) 9.4 CRITICAL (v4.0)
CISA KEV
No
CWE
CWE-862
CVSS vector

CVSS metrics

Description

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was patched on 15 March 2026, and no customer action is needed.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
f45cbf4e-4146-4068-b7e1-655ffc2c548c
NVD
View on NVD

Affected products (CPE)

ProductCPE
google / dialogflow cx cpe:2.3:a:google:dialogflow_cx:*:*:*:*:*:*:*:google_cloud_platform:*

References